In my experience, gmail is fairly good (the best?) about catching actual spam, but I still get both false positives and false negatives (a lot more of the former). That makes me believe that this is actually a very difficult problem to serve. The post above from someone who was a gmail engineer reinforces this impression.
However, how much spam you receive is largely under your control. I receive very little spam even in my spam folder - usually less than 5 a day. It basically boils down to keeping tight control over who gets your actual main personal email address. That should be reserved only for friends and family, and even then, I've thought about asking them to not enter my email address on any websites if I decide to change my main address some day.
Here's how I control the commercial emails (and consequently, spam):
1. You will need a domain name to use for receiving commercial emails (i.e. any website where you enter your email address), and domain hosting or at least an email forwarding service.
2. Configure the email forwarding/filtering to forward all emails or emails following a certain pattern for that domain to your real email address. I configured the option on my webhost to forward all email (a catch all, if you will), however, I've since learned that this is not the best way, because if your domain starts getting flooded with spam your domain could get blacklisted. Supposedly the best way is to configure a filter that has a "key" string. Let's say you use your initials: .jb (Joe Blow) - the filter would then only forward emails that contain .jb among the recipients' addresses.
3. Register with a unique address at each website, each store, any commercial use of your email. Ex: use spammer.com.jb@mydomain.com when you register at spammer.com. Same thing if you give your email address to any entity who is not a family member or personal friend. Now all the commercial emails will get forwarded to your real mailbox because they have the .jb key. I actually make an exception to this for banks and for things like webhosts, etc, but I'm reconsidering banks after the recent JPMorgan breach when they obtained contact info for everyone. I would still make an exception for webhosts or anything where there could be a problem if your mydomain.com is not available for some reason.
4. ???
5. Profit. I.E. as soon as you start seeing real spam (not the stuff that a lot of people incorrectly mark as spam), you will know what address they're sending to and can block them at your webhost or email forwarding service. Here are some examples of entities that I had to block because they were breached or sold my email address to spammers:
adobe.com (breach)
dropbox.com (breach)
planusa.org (unknown)
cinegearexpo.com (unknown)
equifax.com (unknown)
zappos.com (breach)
whois (open database - I use a proper domain registrar that hides my info by default now)
Bonus: another major advantage of doing this is that it makes it much much easier for you to change your main email address. You can reroute all your commercial email with one reconfiguration of your forwarder instead of having to go to each individual website to change your address.
Extra bonus: makes it super easy to setup a filter at your client or webmail to send all commercial email to a separate folder. Just filter for mydomain.com in the "to:" line.
Doing this for a few years now has really opened my eyes to how many companies and other organizations either don't give a shit about your private contact info, have shitty security, or actually sell you out for money. I was frankly surprised at some of the organizations that I had to block. Unfortunately early on in my spam-fighting days I did use my main email address on websites, and sometimes also used google's floating period or + functionality to try to individualize email addresses so I get some spam where I don't know where they obtained my address. But those are few and far between, and I've been slowly untangling myself from it to the extent that I can.