April 11th, 2006
Common sense and lawsuits don't mix
In today’s litigious society, common sense is often out the door with some juries with the "stick it to the man" mentality are eager to give large awards even when no real faults are found. In one of our more heated TechRepublic debates, member "sostermann" posts "Can porn spam be considered sexual harassment to employees?" Sostermann tells of a new employee who has complained to upper management stating "This is now border line harassing! It would be unreasonable to hold an employer liable for any vulgar message than an employee may come across. Some employees would consider this sexual harassment." Having been in a similar position, I can see his dilemma and I feel his pain.
The company in this case is a small business with limited resources. Email is outsourced to a cheap POP3 mail provider who filters "obvious" spam. Although it wasn’t stated in the post, my guess is that the inexpensive ISP is probably using a free open source solution which may not have the best catch rate in order to minimize false positives. Spam filtering is not an exact science and never will be because email by definition means that you’re willing to accept email from strangers. The fact that domain-level authentication standards have not been widely deployed makes it even tougher because emails can fake their identities. As a result, spam filtering usually boils down to the following:
- Keyword filters
- Existence of a reverse lookup for the sender domain
- Hash (digital fingerprint) of the message to see if it’s been sent to many other recipients throughout the world
- Heuristics
- Obvious blacklisted sender domains
- Obvious blacklisted SMTP servers
- SPF, SenderID, DomainKeys (all low penetration)
The problem is that even with all of the above; it takes a lot to fine tune an anti-spam solution. The Internet is like living in a neighborhood where every hoodlum and vandal in the world is within 1 minute of your business or home and you have some nice white walls facing the street. Even if you keep 99 vandals from spraying garbage on your walls, 1 will eventually get through. In the spam business, even the best anti-spam solution misses 1% of spam if they wish to maintain an extremely low false positive rate. Most people would rather not see spam at all but given the choice, they’re willing to see a few get through in order to avoid missing that critical letter they’ve been waiting for. In a former company I worked for, one of our executives had one of his time-sensitive mortgage refinance letter caught in the spam filter as a false positive and he was obviously rather upset. In another false positive case where an important email was lost, the message contained a reference to a product code "6xxx". The key word filter caught the "xxx" portion and blocked it as spam.
Unfortunately, we had an HR head that wasn’t very sympathetic to the situation because she simply assumed that the spam problem was trivial and that it was easily fixed if only IT weren’t so incompetent. We could get a more accurate spam solution would either cost $50,000 or we would have to go to an expensive email scrubbing outfit neither of which were easily approved and IT was caught in the middle and the perception was that we were idiots. Since it’s a matter of reality that it is impossible to block all unsolicited messages, it would be unreasonable to hold an employer liable for any vulgar message than an employee may come across.
In my college days as a waiter, I was routinely harassed by rowdy customers and sometimes even threatened with violence. Sure it isn’t pleasant but that doesn’t mean I’m entitled to win a lawsuit against the restaurant because of a customer’s bad behavior so long as some effort was made to protect my safety and eject trouble makers. Now I’m no lawyer and maybe I’m just a bit old fashioned, but there needs to be some sanity brought back in to the world.
George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.
