It's hard to summarize the problem of spam in so little space. Here are some web sites relating to various topics I've discussed.
Spamhaus: They run DNSBLs and a clearinghouse of information on spam and spammers. If you're going to use a DNSBL, this is one of the best-managed. Their ROKSO database makes for some depressing but enlightening reading on spammer antics. Another DNSBL that I think is fairly well-run is NJABL. There are lots of other blacklists, and it's up to you (or your organization) to decide whether you like their policies or not.
There are lots of filtering products around: Spamassassin, bogofilter, and CRM114 are just a few examples of products designed primarily for spam mitigation. ClamAV is a widely-used open-source virus-scanner which also detects many kinds of phishing spam. Procmail, while not originally designed for spam filtering, provides a lot of useful user-customizable facilities (if you can deal with its amazingly cryptic syntax) for sorting mail, particularly that tagged by filtering programs like those above.