Antispam -- false positives are NOT acceptable
My fellow blogger Alex Scoble just posted something that I think misses a couple of points, in the area of antispam.
The main point is that the level of false positives in an antispam system shouldn't be low -- the level of false positives should be effectively zero. Otherwise, users need to sort through their spam boxes anyway, and then what's the good of an antispam system? For more on this argument, please see a column that's a little over a year old.
I also have my doubts about Postini, the vendor he was praising. Surely by all accounts they are one of the best. But they also caused one of the two worst false-positive situations I've ever encountered personally, and the hypothetical user configuration error they are suggesting as the cause seems like nonsense.
Finally, he drew a big distinction between filtering spam at an outsourcer's site and filtering it on your own appliance, due to bandwidth costs, or maybe just due to a desire not to touch that icky spammy stuff. Well, I'd like to see numbers before I'm convinced, because the idea doesn't make a whole lot of intuitive sense. There are enough other kinds of security that probably aren't getting outsourced offsite; why is spam so special that email needs to be sent to the Outside Email Sanitizer before even being allowed to knock at the enterprise network's well-guarded front gates?
EDIT: The OECD doesn't quite get it, either. Their basically sensible report on SPAM in developing countries seemingly entertains the notion that coarse-grained spam blocking (e.g., of entire ISPs) is a necessary evil. Bzzt. Better alternatives abound, and surely a good price can be arranged for Third World ISPs.

