But you shouldn't blindly sign up for whatever antispam solution your current antivirus provider happens to have, warns Meta's Cain. He maintains that the spam offerings of many antivirus vendors are antiquated and not updated often enough to keep up with the spam threat. Keeping pace with spammers has become a full-time job; some antispam outsourcers update their rules daily, hourly or even more often if need be. Your best bet is to invest in a spam cocktail approach from a vendor or service provider with a track record of offering frequent updates (which suggests a commitment to staying current in the spam-antispam arms race) and to make sure that it does not conflict with other e-mail security services. (Ideally, all e-mail services should be integrated.)

While more than 90 antispam vendors stand ready to take your money today, the market will consolidate to about a dozen serious contenders by mid-2004, Grey predicts. She anticipates that the dozen antispam products that survive will be about equally effective, catching 95 to 98 percent of spam with an 0.5 percent false positive rate, even though they may use different technologies to filter spam. She advises choosing a vendor that supports multiple detection methods, and suggests looking at the extent to which vendors are using adaptive technologies (such as Bayesian filtering) that learn about spam's characteristics and can take a more proactive approach to blocking it.

Even though the antispam market is still maturing, you can't afford to wait and see how things will shake out. "Spam is too horrible a problem - and it's going to get more malicious. Two years ago, spam was a little annoyance. If you had a blacklist in place, everything was OK. That's not the case today," says Grey. "You need to do something right now, even though none of this is completely baked."