I think you're on a losing battle if you're looking to filtering to dump phishing attempts. It takes very little effort for somebody to register a domain and a cheap VPS, get SPF and DKIM all sorted so the emails are delivered reliably, and then hit you with a generic "hey log in here to reset your account details" message. The filtering on G Suite (Google Apps) is incredibly good - that advantage no doubt comes from being able to analyse the email and spam reporting from 1 billion+ Gmail users, but it's a real pain to try and use that as a separate service (RIP Postini).
We get complaints from people when emails from "Name of Manager" <
[email protected]> asking for bank transfers to be made to certain accounts get through the spam filter - it's very difficult to explain that that's not really a spam message. The only way to deal with it is either to have content policies that bin anything with a bank account number in, at which point you cripple the ability of your accounts team to get work done, or you have a rule that marks all external email in an obnoxious way. User education is probably the best way to tackle this stuff.
I wouldn't recommend chaining filtering solutions together as it tends to do really weird things for the ones that aren't being hit by the junk mail.