Why spam gets through
Spammers and phishers create malware and send spam because it is profitable. They are always working up new ways to work around spam filters and get messages delivered to user inboxes. Because of the number of unique spammers in the world and the rate at which they create new content, the spam you see in your inbox today is new. It is different than what it was yesterday, or the day before, or the day before that. It looks similar, and may use the same technique, but it is not the same message. It is slightly (or greatly) different and has been designed to evade filters.
Spam campaigns vary in duration. There are some that last many hours, and some that last a few minutes. We have tracked campaigns that send thousands, hundreds of thousands, or even millions of spam messages in under 15 minutes.
When you see spam in your inbox, it is usually because it is a new campaign from a spammer and we do not yet have signatures for it. During this window, a spammer can get some spam through our filter defenses to the inbox. However, our filters catch up and the rest of the campaign is marked as spam.
Thus, it is true that some spam gets through. However, a large percentage of it is subsequently caught by one of our anti-spam technologies. End users perceive that we did not catch the spam, but what happens is that the users that are affected are the ones that generate spam complaints, while the ones for whom the filter caught it are unaware that anything was wrong.