White list practice is very good.

So basically you firewall everything that is not allowed/unknown.

Another technology is to *require* people sending emails to you to answer an anti-spam question, such as picture recognition.

Those two technologies combined leave zero chance for a virus/spam to get to you. Even if a virus attacks a friend's computer and he starts spamming, all emails get blocked until he manually answers the picture-recognition questions.

Some Linuxoids go much further than that by implementing draconian measures: allowing ONLY plain-text incoming email; all else is blocked. That is, all images/flash/javascript/attachments, or emails that include at least one of those components, are blocked totally.

HTML looks like text and is not rendered, so it's impossible to use a browser weakness/hole in the rendering engine.
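An added example, not part of the original post: one way to express the whitelist plus plain-text-only policy described above as a mail triage function. The function names, the three verdicts, the sample addresses and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

def non_plain_parts(msg):
    """Content types of every leaf part that is not inline text/plain."""
    bad = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        if (part.get_content_type() != "text/plain"
                or part.get_filename()
                or part.get_content_disposition() == "attachment"):
            bad.append(part.get_content_type())
    return bad

def triage(raw, allowlist):
    """Return 'reject', 'deliver' or 'challenge' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    # One HTML part, image or attachment blocks the whole message.
    if non_plain_parts(msg):
        return "reject"
    # The From header is sender-controlled and trivially forged, so a real
    # deployment would pair the allowlist with SPF/DKIM/DMARC results.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in allowlist:
        return "deliver"
    return "challenge"  # held until the sender answers the anti-spam question

# Constructed sample data (not real traffic).
ALLOW = {"alice@example.org"}
PLAIN = ("From: Alice <alice@example.org>\nSubject: lunch\n"
         "Content-Type: text/plain; charset=utf-8\n\n"
         "See <b>you</b> at noon.\n")  # markup stays inert text
UNKNOWN = PLAIN.replace("alice@example.org", "stranger@example.com")
HTML_ALT = ("From: alice@example.org\nSubject: lunch\nMIME-Version: 1.0\n"
            'Content-Type: multipart/alternative; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nhello\n"
            "--b1\nContent-Type: text/html\n\n<p>hello</p>\n--b1--\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("unknown", UNKNOWN), ("html", HTML_ALT)]:
        print(name, triage(raw, ALLOW))
```

The content check runs before the allowlist lookup, so a whitelisted sender whose machine starts sending HTML or attachments is still rejected.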