Spam filtering has always been a hot topic around the IT water cooler. The question most frequently asked is "how". But increasingly, a question which needs to be asked is "whether", followed closely by "how not" in addition to "how". (If you're still back at "why?" then a) I want to know how you are reading this as you clearly don't spend much time on the Internet, and b) I want to meet the person who administers your anti-spam system.)
The bottom line here is your duty to your users. Sure, users want to see less spam in their inbox. But they really don't want to see legitimate mail end up in the spam folder, which is second only to their not wanting to see mail which they are expecting vanish into a black hole. More than a passing whim, however, your users rely on you to make sure that their legitimate email gets delivered. To them. In their inbox. A legitimate email occasionally ending up in the spam folder is forgivable; possibly even acceptable. But legitimate email completely vanishing is not.
Amazingly, many spam filters being used in a user environment today are configured to simply discard certain types of email which the system determines to be spam. Not flags. Not filters. Discards. Aside from the issue of economics (and that really is only a side issue here), that is not unlike the USPS deciding to throw away your Victoria's Secret catalog rather than letting you decide whether or not you want to read it (yes, there is also text in those catalogs). Worse, in the case of wanted, legitimate email which is erroneously discarded by overzealous spam filters, it is akin to the USPS throwing away your tax return because it comes in a windowed envelope, and everyone knows that only junk mail (and bills) comes in those envelopes. The bottom line is, just as the USPS cannot choose to discard, rather than deliver, your mail, neither should you make such a decision for your users.
If you must discard email addressed to your users before they ever see it, then at the very least you should - no, must - advise them up front as to what processes of elimination you are using. I am personally aware of a site which lost their domain due to their ISP's overzealous spam blocking, which resulted in the domain registration renewal notice which their registrar sent them being tossed as spam. Such an outcome is completely unacceptable and, indeed, may be legally actionable. Your users expect you to protect, not interfere with, their mail.
So where does this leave the IT professional charged with maintaining their company's mail servers on behalf of their users, other than between the proverbial rock and a hard place? Sticky a wicket as it is, the following steps can help you to avoid ethical, and even possibly legal, email delivery snafus.
First: Never ever discard incoming email which is addressed to one of your users. Filter, yes - delete, no.
Second: Do make liberal use of "spam folders", a secondary inbox for your users into which email which your system identifies as likely to be spam can be deposited.
Third: Make sure that your users know what your spam filtering policies are, and that they know to check their spam folders regularly.
Fourth: Know the policies and practices of any third-party spam filtering, blocking, or identification solution to which you may subscribe. It doesn't do you any good to keep a careful shop if the spam filter to which you are subscribing lists anyone and everyone every which way from Sunday.
Fifth: Post your email acceptance and delivery policies somewhere public on your website, so that not only will your users know what your spam-filtering policies are, but their correspondents (i.e. the people sending them email) will know how to play nice with your system to avoid erroneously triggering your spam filter.
Remember, there's a fine line between the killer app, and killing the killer app. Make sure that in your efforts to keep your users' inboxes usable you remain a part of the solution, and not a part of the problem.