Simple problem, simple answer
Two questions here: whether to run a typo/fwd service at all, and who sets standards for acceptable use of email and monitors them. The mistake was to connect the two.
If you are in the business of #1, my opinion is that this is all you do. You don't set the standard, you don't monitor content, etc. Apart from anything else, you reduce your personal legal and moral responsibility.
If you are in the business of #2, then org policies need to be in place to tell users that emails are monitored, not private etc. And ideally you want most of the work filtering to be done by machine, otherwise you end up with some petty BOFH who knows everyone's secrets.
Returning to the first case, supposing you saw an email that read, "I am going to <anglosaxon> you so hard you won't be able to walk." Is that a threat of assault? Or a mash note? If you treat it like the second but it turns out to be the first, you could be blamed for knowing a crime was about to take place and not doing anything about it. Steer well clear.