Experts estimate that at least 50 percent of all email is now spam or unsolicited commercial email. Firms without spam filters already in place should evaluate them now. Their final purchasing choices are likely to be influenced by hardware and staffing considerations.

Firms that choose to host their own anti-spam filter will have total control over the technology and will be able to build up expertise. But in many cases this will be the most expensive option. Some systems can tune themselves automatically, but others need to be maintained by IT staff. Either way, they should provide an email interface so users can make their own adjustments.

Open source and commercial products are available to combat spam. Often the price of a commercial anti-spam system is roughly in line with its value. Currently, anti-spam systems are likely to cost twice as much as the basic email and antivirus infrastructure behind them.

The vendors of anti-spam filters often point out that spam can tie up corporate resources such as routers and mail servers, and result in unnecessarily high bills from ISPs. Vendors also warn that firms face the possibility of constructive dismissal claims if staff quit because they receive inappropriate spam or it interferes with their work. However, most firms buy a spam filter for one reason - to improve staff productivity. Without filters, people may spend too much time dealing with junk mail and less time doing work of value to the business.

There are a wide range of products that deal with the various aspects of the problem and they use a number of technologies. Specific anti-spam tools should be chosen for specific jobs. For example, end-users could install their own anti-spam tools, but this would not relieve the mail system from having to process the spam.

Perhaps the most important question for firms considering a spam filter is how many false positives users would tolerate - a false positive being a legitimate email that is incorrectly identified and handled as spam.

Many salespeople would not accept any false positives in case they lose customers. Providing spam filtering for such people is difficult, but not impossible. At the other extreme are firms that want to guarantee that all spam is removed. For example, anyone providing an email system for use by children would probably want to be absolutely sure that all spam is successfully filtered.

Currently, there are two ways to guarantee that no spam gets through to users. One is to run a whitelist-only mail system, where mail only passes through the spam filter if the sender has prior approval. The other is to issue a password that people must include in the body of their email.

Most spam filters can be configured to automatically accept mails containing such passwords. Experts suggest something as simple as the user's phone number would make a highly effective password.

Clearly, spam is a complex problem, and the best solution for one firm is not always the best for another. Most experts agree a mix of technologies is needed to create an efficient anti-spam system. For example, combining a block list with a Bayesian filter will keep out a greater proportion of spam than either technology on its own.

Most vendors say their products contain the perfect mix of filtering technologies, even though almost all of them plan to add new capabilities to the next versions of their products. It is also worth noting that we have not found any vendors that guarantee the results of their filtering.