Just to clarify, this issue has nothing to do with version 10.6 as we were experiencing same problem on version 10.5.1-2 before we upgraded to 10.6.0-7. I think it started when the ThreatCon level moved up to 2: Elevated from level 1: Normal.
I can't tell what went crazy on Symantec's end because we never experieced this in the past.
What we had to do was to enable end user quarantine and have users manage their emails and whitelist. This almost work perfectly in our case except for broken MX record. Every article I found on end user quarantine states that you need ldap configured but non mentioned anything about MX record. I thought spam notifcations and emails release would use the setting under Protocol -> Domain (and "Administration -> Configuration -> Edit Host Configuration -> SMTP -> Inbound -> Inbound Local Mail Delivery") to deliver emails but instead it looks up mx record for the recipient domain and fails when it does't find it.
We have domains that do not have mx record because we didn't need to have them before we enabled end user quarantine, so recipients in that domain were never notified about quarantined emails. We also could not release any email addresses to those domains from the spam quarantine because the messaging gateway would look up mx and not find it.
We fixed that problem by creating mx record for those domains. The problem we have now is how to notify people who didn't receive spam quarantine notifications before the mx records were created, and do not have new email emails in quarantine in the last 24 hours - which triggers spam summary notification.