Facebook introduces Messages to allow users to contact unsubscribed friends, but denies that it is an email service

News by Dan Raywood

Facebook has announced an 'evolution' of its communications to combine SMS, chat, email and messages services into one area of the website.

Facebook has announced an ‘evolution' of its communications to combine SMS, chat, email and messages services into one area of the website.

Introducing an ‘@facebook.com' email address option to every Facebook user, the social networking site said that users can now talk with friends over email, whether they are on Facebook or not.

However it was clear in stating that Messages is not email service as there are no subject lines and no CC or BCC, saying that it modelled it more closely to chat and reduced the number of things users needed to do to send a message. Facebook said it 'wanted to make this more like a conversation'.

Facebook engineer Joel Seligstein said that Messages is built for communicating with friends, so it made sense to organise it primarily around people. He said: “All of your messages with someone will be together in one place, whether they are sent over chat, email or SMS. You can see everything you've discussed with each friend as a single conversation.

“It seems wrong that an email message from your best friend gets sandwiched between a bill and a bank statement. It is not that those other messages are not important, but one of them is more meaningful. With new Messages, your inbox will only contain messages from your friends and their friends. All other messages will go into an 'Other' folder where you can look at them separately.

“If someone you know isn't on Facebook, that person's email will initially go into the Other folder. You can easily move that conversation into the inbox, and all the future conversations with that friend will show up there. You can also change your account settings to be even more limited and bounce any emails that aren't exclusively from friends.”

Writing on the Facebook developer blog, Dan Hsiao, product manager for Messages, said that as part of the announcement it was releasing a beta version of the read-only API for new Messages to registered developer accounts. These APIs allow applications to access the new Messages on a user's behalf after requesting the read_mailbox permission.

He said: “This opens up opportunities for developers to create a range of new experiences, such as an application where people can read messages directly from their desktop. Applications using the existing Messages APIs should continue to do so until the new Messages is fully rolled out to all users, but developers can begin experimenting with the new APIs.

“Developers should focus on integrating with the stream and requests communication channels on Facebook, or request the email extended permission to contact their users directly. To comply with existing policies and laws that prohibit unsolicited email and ensure that users are in control of their inbox, we are not currently permitting developers to send messages to @facebook.com email addresses, and have updated our policies to reflect this.”

Jorge Cino, writing on the allfacebook blog, said: “Developers will not be able to create apps that spam you or contact you directly. Let's remember that one of the cornerstones of Social Inbox (and one of the ways this experiment is banking on to succeed) is to improve the quality of messages that reach you, and to effectively rid you of unwanted messages.

“What about using your spanking new @facebook.com email account to authenticate an application? The answer to this is also no. Facebook says ‘Because @facebook.com is primarily for use between friends, people cannot currently use this email address when authenticating applications. The option is not currently available in the drop-down menu, but it's something we're thinking about for future iterations'. It seems clear that Facebook is aggressively trying to incorporate this new technology and help developers get excited about its capabilities too, but not at the expense of compromising the social spirit of the new inbox (and email).”

Sean Sullivan, security advisor at F-Secure, said: "The mail addresses will be based on usernames. My Facebook username is based on my actual name, rather than a nickname/alias and so dictionary-based spam is a certainty for those like me. Similarly, I expect all kinds of junk to end up in my ‘other' folder.
“The other thought that comes to mind is related to the ‘chat' aspect of Facebook. The company has stated that the new messaging feature will not only include mail, but also chats. Now I don't know about you but I use chat and mail to have two entirely different types of conversations. Chats are in the moment and messages/mail is more thoughtful and slower paced. It could be strange to see them threaded together and this would make for a tempting target for phishers to intercept.
“The real question for me is how much of the conversations will be archived in Facebook's ‘Download Your Information' feature, which could be a treasure trove, not for evil hackers, so much as jealous partners.”

Franklyn Jones, director of EMEA marketing at Palo Alto Networks, said that there was a lot more going on here than just ‘Facebook now has email', it is more like ‘come enjoy Facebook email plus other real-time communication functions in a social-networking context'.

He said: “With such grand ambitions, I do not think that Facebook wants to limit itself to the consumer market. On the contrary, to maintain its growth and dominance, Facebook must also be highly relevant to the enterprise.

“The good news for Facebook is that it has already learned that yesterday's teenagers are today's employees, figuring out ways to use Facebook as a powerful tool at the companies where they work.  So I believe, in the short term, this announcement brings scalability and reach to the Facebook platform and in the long term, it will give the opportunity for businesses to create real-time communication networks with customers, partners and suppliers.”

He went on to claim that the greatest risk will be if or when Facebook email is embraced as a corporate email platform, as it could become the primary application threat vector.

“Unfortunately the security safeguards currently watching port 25 for bad SMTP traffic will become obsolete. For all of these challenges, a Security 2.0 infrastructure is required to ensure ‘safe enablement' of Facebook and other applications like it,” he said.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews