Most filters use a combination of several methods to determine which emails are spam and which emails are legitimate. Any email that is sent to someone on a system is analyzed and given a score based on the content of the email. The higher the score of the email, the more likely that the system will mark it as spam. If the score exceeds a certain threshold, the system will refuse acceptance of the email. These scores are usually determined by comparing the email’s content to confirmed spam email content, confirming the authenticity of the sender and analyzing the “header†information (routing details not usually visible to the recipient) among other things (RBLs, language filters, et cetera).
The filter variables are scrutinized often, which means that a spam email of a certain type is not likely to continue to get through the filter for very long. While the algorithms that filter spam are very advanced, there are still occurrences of both false positives (email that should get through that does not) and leaks (spam email that gets through despite filtering).
Please correct me if this is not accurate.