End users have to be involved in deciding what is spam, he explains, because what’s unwanted can vary widely not just from one company to the next, but from one person to the next. What looks like spam to the rest of the world could be essential business communication for certain employees. Colorful language might be important to a customer service agent (displeased customers often lose their tempers, after all), anatomical references may be work-related for a doctor in a research hospital, and Viagra messages could very well be germane to someone in the pharmaceutical industry.

Case in point: When John Zarb, CIO of Libbey, a manufacturer of glassware, china and flatware, tested the Guenivere (a virus and subject-line filter) and SpamAssassin (an open-source spam filter), he had to shut them off after 10 days because they were rejecting important legitimate e-mails. The filters bounce mail with a spam score of 7.5, yet they were automatically assigning 7 points to e-mails from an Asian country in which Libbey has business relationships. Another rule assigned what Zarb calls "bad points" for using all capital letters. Since using all caps is common practice in that Asian country, messages from those business partners easily racked up more than 7.5 points and therefore got zapped. "If the message is a transport document, ouch," says Zarb. His group tweaked the default settings so that Asian e-mails wouldn’t automatically accrue so many points. Today, the filters block about 70 percent of Libbey’s spam, and Zarb says the false positive rate is far lower but not zero. Because some messages are too critical to miss, he decided to exempt a few employees who deal with international issues from the SpamAssassin filter.

As Zarb quickly discovered, once you start filtering mail, you run the risk of blocking legitimate e-mails because they look like spam. Avoiding an unacceptable level of "false positives" requires a delicate balancing act. Although most vendors will claim they capture at least 90 percent of spam, going above 90 percent will probably result in too many false positives, says Matt Cain, a senior vice president at Meta Group. "You could crank it up and catch 98 percent of spam. But you’d get an unhealthy amount of false positives," he says. "And if you go down to 85 percent, you’ll have very few false positives, but too much spam will be getting through."

At printing ink manufacturer Flint Ink, Vice President and CIO Don Barnowski has been trying out Symantec’s Norton antispam product. After initially filtering on 300 to 400 keywords, false positives were a daily occurrence. "We started to get calls from people not getting e-mail they were expecting," he says. "That was a red flag; you don’t want people questioning the integrity of e-mail delivery."