European providers of electronic communication services use a variety of technical and organizational measures to secure their services and to fight unsolicited electronic mail (spam). This study, conducted by ENISA in January 2006, provides an overview of these measures. The security measures that providers implement vary widely. They depend on the type of threat against which each provider focuses its defense, and the specific nature of the business the provider is in. The outline of the study follows Directive 2002/58/EC, in particular Article 4 (Security) and Article 13 (Unsolicited Communications).