Company I work for atm has no filtering policy, due to the fact that a lot of stuff in the industry actually looks very much like spam - foreign languages, lame http designs, loads of spammy keywords. So nothing is filtered server side following "better train your thunderbird properly rather than risk upsetting potential contract in Asia by overeager bounceback". And I have to say, it mostly works - bandwidth waste aside - even typical spam infested mailboxes (support@ or jobs@, stuff that gets hit by up to 5,000 enlargements a day in Cialis scale) can be filtered client side very quickly and efficiently.
In my home office I run strict rbl/spamd/clamd config and it purges about 80% of stuff arriving at my doorstep. I like it to the point I wish there was something like this for telecommunications and regular Royal Mail as I hate random calls and letterbox spam more than occassional retarded "Gwaliboobies Medz confirms bigger papaya!" or "Engelbert - this st0ck is h0t mama" email with some messy GD generated jpg with complete coblers that gets through the filters (btw, who are these messages for, I mean, come on, the formatting and contents are just grotesque - when was the last time you felt like buying aspirin online from someone quoting random paragraphs from Dickens over some gobleedeegook url? How many Down syndrom credit card holders need roofies?)
For massive corporate solution I would suggest looking into something like Iron Port, it kicks four letters and takes serious load off admins shoulders if you work for like a big company that leaves a lot of PR or sales contacts and email addies about... Can be expensive though.
