I recently found IT Security's list of the 25 most common mistakes in email security.

It an interesting read, although not necessarily all of the advice is up-to-date. For example, blacklisting spam sender addresses is useless these days - every spam i've ever seen uses a fake sender address. But the principle still holds: you should mark a spam message as junk rather than deleting it.

...