Paul Graham writes about A Plan for Spam involving statistical analysis of an individual users email. Start with two big chunks of mail -- one that is known to be all spam, one that is known to be spam-free. Based on this, he was able to devise a system that works pretty damn well.
I found this via a link from slashdot. The accompanying discussion is more useful than most slashdot conversations and has numerous links to other spam fighting software and theories.