Spam control is one of the biggest challenges in the IT world, comprising well over half of all email traffic. The problem is that there is no clear line between what is spam and what is not. Spammers go to great lengths to send messages that do not get filtered out, and some legitimate email messages have the characteristics of spam. There are spam filters available, both cloud-based and server room appliances, that use a combination of heuristics (making decisions based on analyzing the characteristics of the emails) and published blacklists of domains that have a history of sending spam. While the blacklists are absolute, the heuristics are making programmed best-guesses based on evidence in the email. Also, the heuristic rules “learn” over time to become more effective for an organization. While a person can recognize most spam immediately, the programmed rules in the spam filter are sometimes less definitive. Whitelists are used to override the filter process to tell the device that anything from the whitelisted domain should be passed through. Remember that spam originating from a whitelisted account will always get through.
There are settings in most filters that adjust the heuristic decision thresholds. Increasing the filter thresholds will decrease the spam but will cause more false-positives, meaning that more valid emails will be blocked. Decreasing the thresholds will reduce false-positives but allow more spam. There is no setting that will guarantee that all spam is blocked and all valid messages are allowed. Even people have a hard time distinguishing some messages.
I know this is a frustrating problem but I hope this explanation helps. If the volume of spam you are receiving seems unreasonable, we can evaluate your situation and recommend an appropriate solution.