What's your general feeling about the Phishing volumes which are getting through ? Have you seen any differences between different locations ?
We have pretty big user community in Europe and US without major phishing problems (only few reports ) but we are getting a lot of reports (daily) from South Africa (with ~5000 users).
Our IronPort rules are similar for Africa than it's for rest of the world. We are also adding X-header if message is ranked as "suspected" SPAM but seems that all passed phishing messages are clean and not detected by IronPort.
Have you seen similar problems ?