Checking the Trash: Catching Public Records Requests Sent to Junk Email Folders

During Public Records Act (PRA) trainings, I will sometimes ask public records professionals to share their fears. In asking this question, I hope to show that they are not alone in their concerns, but also to try and equip them with strategies to avoid the situations that cause their anxiety. One big fear: they or another member of their agency will miss a public records request, which may expose their agency to potential financial penalties.

This is certainly a legitimate concern. One of the only deadlines in the PRA is the requirement to respond “within five business days of receiving a public record request” — RCW 42.56.520. While failure to respond within that time is not in itself a basis to bring a PRA lawsuit in the first place (RCW 42.56.550), if a court does find there has been a violation of the five-day letter requirement, it can award attorney fees and cost to the requestor. See Hikel v. City of Lynnwood (2016).

If the court also finds the public agency improperly denied access to a record, it can award a per-record, per-day penalty that takes into account the promptness of the agency’s response and its compliance with all PRA procedural requirements. See Yousoufian v. Office of Ron Sims (2010). 

In other words, public agencies must have procedures and policies in place to ensure a timely response to a records request. This starts with making sure the request gets to the right staff. Pursuant to RCW 42.56.580, agencies are required to designate a public records officer to serve as a 'point of contact' for records requestors. However, no official format is required to make a request, and agencies may only 'recommend' requestors submit via a specific form or webpage — RCW 42.56.080(2).

Ideally, a well-designed intake procedure will ensure a timely response. But any departure from that procedure — a request coming in via an alternative method or somehow getting lost in the system — creates risk. Records requests are commonly submitted via email — either to designated records staff or specialized email addresses, or to any public official or employee’s email. Keeping up with an email inbox is often hard enough — but what if those requests end up in spam or junk mail folders?

You Don’t Know What You Don’t Know (Unless You Check)

Let’s agree that spam and junk email filters are a necessary and important feature of email platforms. Nearly 50% of global email traffic is considered 'spam' and can fill up inboxes, obscuring other important public communications. Further, these unsolicited emails often contain malicious files, phishing attempts, and pose other IT security risks. But, depending on security sensitivity settings, spam filtering may cause 'false positives', where legitimate emails are filtered into the junk mail folder.

This happened to the Washington Employment Security Department (ESD) in the recently published case, Pilloud v. ESD (2025). A records request was routed to a junk email folder due to some unusual aspect of the sender’s email address. After 17 days and follow-up from the requestor (Andrew Pilloud), ESD eventually found the request and sent the required response within five days of discovery.

Pilloud argued that ESD violated the PRA since it did not respond within five business days of receipt of the original email. The trial court found no violation because ESD responded within five days once it had “fair notice of the request” when it found Pilloud's email in its junk email folder.

On appeal, the court of appeals actually did not address this issue. Instead, it found the timeliness issue 'moot' because, even if there was a procedural violation, Pilloud would only be entitled to receive attorney fees, not any penalties, under the statute. And since Pilloud represented himself and was not represented by an attorney, the court could not award him attorney fees.

If Pilloud had been represented by an attorney, the appeals court would have had to make a decision on the timeliness issue. So, my takeaway from this case is that missing a records request that gets misdirected to a junk mail folder is still a viable legal argument to make in a PRA lawsuit against a public agency. As a result, public agencies need to develop strategies to reduce the risk of requests getting caught in junk mail folders.

Tips for Your Trash

As an initial note, I defer to IT professionals on email security sensitivity settings. Scammers and bad actors will only become more sophisticated, and strong security settings are the first line of protection. But there are other strategies a public agency can employ to catch those false positives that are not spam or junk.

Set expectations up-front

Inform requestors on your intake forms, web portals, or informational websites that they should expect some sort of response from the agency within five business days. Empower requestors to reach out via phone or other non-email methods if they have not received a timely response. Also encourage them to check their own junk email folders (it happens both ways!).

Utilize email rules

Depending on the email platform, there is lots of guidance on how to set rules that emails with certain characteristics are not treated as spam and are properly directed to an inbox (For more information, check out this WIRED article: How to Make Sure Important Emails Don’t End Up in Spam). For example, MS Outlook allows rules based on certain keywords, like “records request,” “PRA,” or “FOIA.” Further, if you catch a legitimate email in a junk folder, you can add the email address to a 'safe list', so it never ends up in there again.

Regularly check junk mail folders

This might seem like the most obvious tip but, depending on how much email a particular address receives, this can be a daunting task.

Records staff should be checking their own junk mail folders and any general accounts (e.g., 'PRO@city.gov') daily, if possible. All other staff and officials should probably be checking their junk mail folders at least weekly. Not only can you screen such folders for legitimate emails, you can also take that opportunity to delete junk emails since they have no retention value (See GS50-02-03 in the Local Government-Common Records Retention Schedule). This makes it a lot easier to scan through the junk folder the next time you check.

Ideally, agency-wide expectations regarding screening junk mail folders would be part of an agency’s electronic records policies.

Caution — autodelete and junk folders

Many email platforms are, by default, set to autodelete the contents of junk mail folders after 30 days. There is growing concern around autodelete features that do not have a person reviewing the to-be-deleted files and whether this practice is consistent with state retention requirements. Further, if the autodelete is set sooner than a person can be expected to review the folder for false positives, this can be problematic for many reasons — not just ensuring no PRA records requests were misdirected.

This issue can be avoided if junk mail folders are reviewed and deleted by a person more often than the scheduled autodelete or by disabling all autodelete features.

Conclusion

At the end of my PRA trainings, I often ask attendees, “Do you feel a bit better?" and "Did I allay some of your fears?” If the training has been successful, I will get lots of “Yes!” but I will also get “Now I have an all-new set of concerns to worry about!” Hopefully, this blog highlights a potential PRA procedural pitfall, while also supplying a strategy to screen spam email for requests. It is critical to work with your attorney and IT partners in advance to address these concerns before you find that dreaded, potentially overdue records request in a junk email folder.