We're currently using Content Catcher, a hosted spam solution. For less than what we pay them per year, we could purchase an anti-spam appliance to run in house. From a simple dollar perspective, it looks like a no brainer.
What are the downsides to running an appliance vs. going with a hosted service?
With a service, the spam e-mail never hits your network. For a large organization paying for network bandwidth based on usage, this can represent a non-trivial cost savings.
A large ISP I used to work for used Postini, and when we turned it on we saw an 83% reduction in incoming port 25 traffic from the Internet.
At the time (I don't recall precisely how our bandwidth was charged), the cost savings on the bandwidth paid for the cost of Postini, not to mention the management / operational savings from not having to run as many edge mail servers. We were doing spam detection integrated with our main mail platform, so this benefit won't apply in the host-vs-appliance argument.
Hosted Environment Advantages:
Hosted Environment Disadvantages:
Appliance Advantages
Appliance Disadvantages
The appliance is a hardware device than can break. Typically a hosted service won't "just break". You will probably be able to get some kind of service agreement on your appliance to provide next-day or faster replacement-- factor that into the cost.
Your appliance should have some kind of recuring update agreement, as well. The rules and filters that work on today's spam won't work on tomorrow's spam (since it's, fundamentally, an arms race between the anti-spam people and the pro-spam people). Be sure to factor in the cost of the recurring update agreement for the software running on the appliance.
Finally, the appliance hardware will get old and need to be replaced. Be sure you've factored in the cost for the replacement (and, hopefully, conversed with the manufacturer of the appliance about their intended lifetime for the box).
In the end, it should all come down to cost-benefit and and whether or not the solution does what you want. Nothing is free, and you need to be sure to factor any "hidden costs" (as I've descibed above) into the seemingly low acquisition cost of the appliance.
All technical reasons for one or the other solution have already been mentioned with great detail, however there's a (non-technical) point that is missing: when using an hosted anti-spam service, this means that a third party could theoretically read all your incoming e-mails. This is a point you might want to consider. There might be several reasons to think about that: internal policies of your company/organization about the handling of confidential information, potential risks of industrial/economic espionage, fears of surveillance by foreign governments (e.g., if the service is hosted in another country)... and although in theory any confidential information should be encrypted before being sent by e-mail, in practice this is not always the case (and you don't control whether people encrypt sensitive information before sending it in to your company).