Thank you for the post. You are on the right track. Training the system will help reduce the number of false positives you are receiving. The more "similar" documents you train, the better. I will do some research for any tips and tricks to assist you.
Product Management - McAfee Email Gateway
Nice to know I'm on the right track.
Any recommendations on how to test or implement? I'd like to run this in monitor only mode before putting it into production. Is that possible?