The Real Reason You Should Be Mad About the Facebook Email Switch

by Randall Cleveland

If you haven't heard the news or you're one of those Luddites who refuses to get a Facebook account (how could you hold out after reading all the positive press lately?), Facebook recently pissed off pretty much everyone with an account by changing their default contact email to [username]@facebook.com without telling anyone. Oh, that's not entirely true. Facebook kinda sorta mentioned it might happen back in April, so as far as they're concerned you've got no right to be upset. Even though they straight up lied:

"We are providing every Facebook user with his or her own Facebook email address because we find that many users find it useful to connect with each other, but using Facebook email is completely up to you." That's the official line they sent out two months ago, so you could argue "completely up to you" might have misled people into thinking it was, y'know, up to them.

But whatever. It took all of five minutes to hunt down the settings and switch my email back; in the grand scheme of wrongs the universe has inflicted on me, it was pretty low on the list. But then I realized something: Facebook's email isn't actually an email client. Any email you send to a Facebook email addy shows up as an Instant Message for the user. That's the way Facebook intended it, it's kind of dumb to me, but whatever. The point is now every spambot this side of Russia has a direct pipeline to your Facebook inbox.

See, your Facebook email addy is your username, which is also your unique URL on the site. So if you know my URL is facebook.com/llandar, you now ALSO know you can send me an IM by emailing llandar@facebook.



And why wouldn't you want to befriend me?

This isn't a new problem, email clients have been fighting dictionary and brute force attacks like this since there was email, but because of that battle they've evolved specialized and accurate spam filters. Some are better than others, but the point is they're pretty good at filtering out the bogus.

So far as I know Facebook's only means of spam prevention is to have each user individually report a message as spam. That's fine when you only occasionally get random half-empty profiles with pictures of busty teenage girls asking you if you like to have fun, but with the entire world now able to hit you up at a moment's notice, de-spamming your inbox is going to be a full-time job. And what about those of us who aren't so savvy at recognizing a 419 scam? Is your grandma on Facebook? What about your tech-illiterate dad? Are they going to be able to figure out what's going on when suddenly dozens of strangers are messaging them to say hi and ask if they need deals on Canadian pharmacy drugs?

Am I overreacting? Probably, but that's sort of what I get paid to do. But I can't help but wonder if Facebook, the world's biggest customer information pimp, didn't already plan this out as a better way to sell off mailing lists.

Is Randall paranoid? Are you worried about more spam in your life? Do you even have a Facebook account? Want to be friends? Let us know in the comments!