Like it or not, spam is a way of life. While the battle between spammers and inbox users continues to rage, organizations generally do their best to try to stop the onslaught. In general, only a fraction of spam gets through filters, but can those spam filter failures create legal liability for an organization?
Today, I received an email from a user indicating that the "enlargement" message she received in her work email inbox was offensive and could be considered sexual harassment. Our spam filters are actually pretty good and block most, if not all, of the content that would be offensive to most people, but there will always be outliers. We do host our own mail servers and have an on-site spam solution that has proven to be very, very good.
That said, no matter what steps are taken, some spam will still slip through. How often do you or your users get messages from "their" bank or PayPal indicating that their accounts are about to be closed? How many times have you won the Spanish lottery? How many former Nigerian presidents have contacted you personally entrusting you with their vast wealth?
You get the idea.
No matter how good spam filters are, spammers find ways to stay one step ahead of the technology. My response to this particular user was that our spam filters catch the vast majority of inbound spam but are not perfect. For the occasional message that does get by, users should make use of the delete key.
The user in question, though, is one that generally enjoys being difficult, so I anticipate that this is not the end of the road for this situation. Some of our users are under the impression that a spam filter is an absolute guarantee that all inboxes will be spam free, regardless of how much communication is sent out to the contrary. From everything I've seen and read, I doubt that a sexual harassment/hostile work environment case in this instance would get very far. First, the organization makes a serious, good faith effort to block messages that could be considered offensive. Second, a single email message in someone's inbox hardly represents a "pattern" that could be used to prove a hostile working environment.
Short of simply disabling Internet mail from making its way to this user's inbox, what are your suggestions for the best way to handle a situation like this? Do you think something like this could open the organization up to a lawsuit brought by an employee?