For many, many years now I have been managing a bunch of domains and the emails they receive. Because one of the domains belongs to a professional organization I am also a member of, the amount of email being received by that organization by way of spam was growing at an alarming rate.
I had contemplated a whole slew of schemes to manage this spam nuisance, but none of them were, IMHO, a workable scheme that would necessarily guarantee me a zero false negative – until I began to look at how these spam meisters do their craft. The realization came from recognizing that when the spamnets are activated, these felons are paid by their paymasters on the total number of emails sent out via their zombied Windoze machines and because of their need for speed, if there was a delay in sending an email out to one address, that address would just be skipped over and they would go to the next. In addition, if the target machine received the spam, and temporarily told the sender to go away for an undisclosed amount of time, these spambots would just then ignore that address.
And voilà, the concept of what is now called greylisting came about. I would not claim to have invented the code for it (let alone written it), but when I figured out the ways of the spam meister, there were others who were also on the same track.
The simplicity of the idea is what is so beautiful about it. All the Bayesian networks, text processing, image deciphering, etc. are all good techniques, but require a far greater investment in software and potentially hardware to make a good filter. I think as a first level, for-sure method, greylisting is tops. The load on the system is very low, emails from legitimate sources are guaranteed to be delivered and false negatives are nullified. KISS!
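The temporary "go away and come back later" behaviour described above can be sketched as a small policy function. This is an added example, not code from the original post: the (client IP, sender, recipient) key, the 451 reply text, and the timing constants are assumptions chosen for illustration, and the addresses are constructed sample values.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300             # assumed: seconds a new sender must wait before a retry is accepted
PENDING_TTL = 4 * 3600      # assumed: an unretried entry is forgotten after this long
PASS_TTL = 36 * 24 * 3600   # assumed: lifetime of an entry that has already passed

TEMPFAIL = "451 4.7.1 Greylisted, try again later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last seen

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last = self.passed.get(key)
        if last is not None and now - last <= PASS_TTL:
            self.passed[key] = now           # known-good sender: no delay at all
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now          # first contact: defer and remember
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL                  # retried too quickly: keep deferring
        del self.pending[key]                # a real MTA came back after the delay
        self.passed[key] = now
        return ACCEPT

def simulate():
    """Constructed scenario: a queueing mail server versus a fire-and-forget sender."""
    gl = Greylist()
    mta = ("192.0.2.10", "alice@example.org", "info@example.net")
    bot = ("203.0.113.77", "x@example.com", "info@example.net")
    return {
        "mta_first": gl.check(*mta, now=0),     # deferred
        "bot_once": gl.check(*bot, now=5),      # deferred, and the bot never retries
        "mta_early": gl.check(*mta, now=60),    # still inside the delay window
        "mta_retry": gl.check(*mta, now=900),   # accepted on a proper retry
        "mta_next": gl.check(*mta, now=5000),   # later mail passes immediately
    }

if __name__ == "__main__":
    for step, reply in simulate().items():
        print(f"{step:10s} {reply}")
```

The only state kept is two small dictionaries, which is why the load on the mail server stays low; no message content is ever inspected.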