[Poohbah]

Do what I do: I have a rule that throws everything into the junk folder unless the sender is known to be legit.

[Prime Choice]

Do what I do: I have a rule that throws everything into the junk folder unless the sender is known to be legit.

I take it a few steps further. To wit:

1. The biggest offending countries (such as China and Taiwan) are blackholed at the border firewall and the system IP filtering software.
2. Incoming e-mail domains in the 'from' address must exist. If the domain doesn't exist, the spammer cannot drop mail at my systems. The system won't let 'em get to the RCPT TO and DATA part of the SMTP exchange.
3. Blacklists of known spamhausen are kept. One of the more recent that was blacklisted was a domain called "OptInRealBig.com" that got some press for suing an anti-spam outfit.
4. After all that, the mail system is monitored by a "greylist" software which maintains both blacklists and whitelists. That way, known people can e-mail any ol' time...the bad guys are kicked out the door even if they get past the first three levels of anti-spam measures, and new people who send e-mail are given a challenge-response e-mail that they must reply to before the mail will be delivered (and if they don't reply, then they're auto-blacklisted in 14 days).

Pretty neat, eh? : )

After implementing all that, I've seen maybe two spams in the past three months.