If you don't want to set up anything yourself, you have yet another option available: routing your organization's email through an external service that scans for spam before the mail reaches your own servers. Such services include Postini, CyberLynk, and Sifter, to name a few.
To use these services, you modify your DNS records to point your MX (mail exchanger) entries to another company's servers instead of your own. That way, when people send mail to your domain, it gets routed through the content-filtering company's servers first, and they then route the filtered mail to you.
The biggest advantage of these services, of course, is that they don't involve any complicated changes at your company's endno new software to install or configure, no new administrative headaches. The downside is that you lose some control over the filtering process, since you're now trusting another organization to do your filtering for you. To find out what techniques are being usedDNSBLs, feature recognizers, Bayesian filtering, etc.you'll often have to ask the provider in question, since they tend to be rather vague about this aspect, figuring that their customers aren't interested in those details.
What you should be concerned about, however, is how these services handle false positives. Some just discard the spam they detect, while others offer you the option of having such items forwarded to some specific quarantine address where you can manage it yourself (which typically means that all of the quarantine management is left on the administrator's shoulders). Postini and Sifter offer web-based management tools you can use to visit the quarantine area and manage the contents, either as the administrator or as an end user.
There are more services out there that we haven't mentioned, but in general the anti-spam vendors seem to focus on software and appliances.