This is a very general question but the idea popped into my head several years ago and wanted the opinions of all the master jedi's of this forum. I had a client that no matter what was done to control there spam(spam assassin,anti-virus(email scanning) and etc) sooner or later something would slip through. So out of frustration of looking at different solution to the INTERNET that seem to be good control mechanisms for combating SPAM, nothing seems to severally reduce the problem without being to restrictive in which the customer may not receive much email at all. So I though, why not just allow email from the domains from there existing customers and block everything else. Simply query what they already have and block the rest. When a new client comes in just add it to a whitelist. To me this would eliminate most of the trash that is out there and lessen the chance of something slipping in but not 100% bullet proof. In addition to that still have your second defense barriers in place such as SPAMASSASSIN and an anti-virus email scanner in place for the domains that are allowed through. Also use SSL/TLS authentication(pretty standard) to protect credentials from being used to read email and or send SPAM through the account. Though this sounds really restrictive, it just seems more logical when it comes to protecting a business. So maybe using Sendmail, I would add this stuff under:
/etc/mail/access
1-Who we accept mail from
2-Who we accept relaying from
3-Who we will not send to etc
Sendmail blocking spam email id, ips with access database
Any feedback is greatly appreciated.