A set of unsolicited e-mail messages is collected and "finger printed" by either sampling the unsolicited message and using portions of the samples to form the identifier or by hashing a portion of the message. These "finger prints" are used to construct an unsolicited message database. The client's e-mail messages are processed in off-line manner by periodically fetching their messages; "finger printing" each message in a manner identical to the unsolicited messages; checking to see if the "finger print" is in the unsolicited message database; discarding any messages with a "finger print" in the unsolicited message database; and forwarding any message with a "finger print" not in the unsolicited message database to the "clean" POP server. The client's e-mail messages can also be processed in a on-demand manner by intercepting their "clean" POP server request; fetching their mail from their "dirty" POP; "finger printing" each message in an manner identical to the unsolicited messages; checking to see if the "finger print" is in the unsolicited message database; forwarding any message with a "finger print" not in the unsolicited e-mail database to the "clean" POP server; and passing the intercepted POP request to the "clean" POP.