I was recently asked to review this whitepaper that argues that building your messaging system costs more in the long run than paying a hosting company to do it for you.
I originally made this post on the issue where I argued that anti-spam companies have an advantage over a company building a solution themselves:
I think another selling point is that system administrators are not experts in the anti-spam field. They cannot react quickly enough to new spam threats because they don't have the experience. Spammers have the advantage over them in this regards and system admins do not process new information and apply that information as quickly as anti-spam experts.
It may have been worthwhile a few years ago to develop one's own messaging system, but the threats have evolved quickly this year. 2006 was the year when botnets exploded onto the scene and made a big impact. They've been around for as long as I've been processing spam (since July 2004) but this year they flexed their muscle. It's kind of like a star athlete being very good for a couple of seasons but having a breakout year a couple of seasons after his debut.
A good anti-spam solution depends on the number of resources available to the ones who are providing or building it. How quickly can an anti-spam solution react to new information? How much experience do they have to draw on when recognizing new, or old, spam attacks? Can they quickly figure out what blacklists are the best ones? It takes time to get enough experience to determine the best course of action for fighting spam, and while a company may have the patience to build up that learning curve, users do not. I know from experience that users have a very low spam tolerance - they want spam blocked and they want it done now. And, they don't want any false positives.
Spam solutions nowadays require a multi-layered approach to fighting spam. A company can build their own, but after they've built one solution they're going to need to supplement with another layer and then another layer on top of that. How much time and experimentation are they willing to put in? How much frustration are their users willing to put up with in the meantime?
Clearly, I have a vested interest in siding with a hosting company; I work for one. I don't believe that completely clouds my judgment. I like stock trading and I prefer to do it myself, but I also openly advocate paying someone else to do it for you if you don't want to do the work. There's nothing wrong with that, and I think it applies here. There's nothing wrong with paying a hosting company to manage your messaging for you, because you have better things to do with your time and money.