I think that number might be out of date -- and thus a bit high right now. I install sqlgrey on the mail servers I admin, and it does an amazing job of blocking spam before the MTA ever sees it. And, whereas greylisting was still a little controversial back when I worked for an ISP a handful of years ago, at a quick glance at my mail server logs it looks like it's caught on at a bunch of other providers now too.
Most of the email my mail servers handle right now is legitimate.
Woah there, dude. I wasn't arguing that spam is not a big deal; I wasn't really arguing anything at all. I was saying that the "85-97% of all email is spam" statistic no longer jives with what I see on my servers -- at all. I'd have to whip up a quick script to munge my mail logs, but I'd expect around 90% of all messages the MTA actually handles to be legit.
However, since you asked so politely: I don't have extra hardware (I think e.g. Barracuda is crap), and I wouldn't say I have an entire software stack -- just that sqlgrey & spamassassin are components of the mail server software stack that I use.
I think that whether spam is a big deal or not depends a lot on the tools you use. I put a lot of time and effort initially into building a software stack that could handle spam (and other problems) more-or-less on its own, and now spend pretty close to no time at all having to personally deal with problems related to spam. Conversely, the ISP I used to work for went with a Barracuda appliance and had a pretty poor mail server configuration that they didn't want to overhaul, and AFAIK they still have to spend significant amounts of support time dealing with spam-related complaints.
It could be argued that since I had to spend a lot of time and effort on the initial setup, spam is a big deal. I don't think I'd disagree with that. But, it doesn't have to be a big deal every day.
