You've done better than us. How have you managed to train your users to forward the email as the full email, incl all headers, etc? We've found most forwarded messages do not include all headers, and therefore forwarded messages train the spam database with semi legit emails (i.e. headers are legit because they are forwarded).
Several webmail products, including Horde IMP, have a built-in "report as spam"
button. When the user clicks the button, a complete copy of the message, including full headers and HTML source, is sent to the address specified in the
site configuration. I singled out IMP because we use it. I have seen other
webmail products with the same feature, but do not recall their names.
Most users can learn to do things the right way. It is the few who cannot or will not, who make us crazy. We have a diverse user community using a variety of email clients (at least half a dozen are supported by our Help Desk). Our Help Desk created a web page with detailed instructions for every supported client, and most of the users who forward spam manually have learned to do it right.
-- Paul Russell Senior Systems Administrator University of Notre Dame
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
