Facebook

Hands off address books

Germany’s highest court has ruled that Facebook’s practice of harvesting email addresses from their users contact lists in order to send invitations to them constitutes “advertising harassment” and violates German law on data protection and unfair trade practices. This in response to a suit filed by the Federation of German Consumer Organisations (VZBV)

Protect your email with TLS

You probably use TLS hundreds of times a day. If you don’t recognize the term, you might know it better by it’s older name, SSL.
TLS is what protects your data in transit whenever you go to Google, or Yahoo or even this blog. The little padlock in your browser address bar tells you that your browser has used the TLS protocol to do two things. First, it’s decided that the server you’re connecting to really is operated by Google, or Yahoo or us – you’re (probably) not having your session intercepted by someone in the middle between you and the webserver, either to read your traffic or modify it en-route. Second, it is encrypting all the traffic between you and the webserver, so that it can’t be passively monitored while in transit. Because of concerns about ubiquitous surveillance many websites – including ours – are moving to use TLS for everything, not just for protecting a login page or a credit card number.
That’s great for the web, but how does it apply to email? One place it’s used is for connections between your mail client and your local mailserver – sending mail to the smarthost via [rfc 4409]SUBMIT[/rfc] and fetching mail using [rfc 2595]IMAP or POP3[/rfc] almost always use TLS. That protects the privacy of your messages between you and your ISP and also protects the username and password you use to authenticate with.
Mail traveling between ISPs didn’t used to be encrypted “on the wire” , but about 15 years ago [rfc 3207]an extension to SMTP was proposed[/rfc] that would allow ISPs to negotiate during each session whether they should encrypt it or not. This extension, often referred to as STARTTLS after the command it uses, allows gradual rollout of encryption of mail traffic between ISPs without requiring any sort of flag day. A mailserver that supports STARTTLS will tell everyone who connects to it “Hey! I support STARTTLS!”. When a smarthost that also supports it connects to that mailserver it will go “Great! I support STARTTLS too! Lets do this!” and convert the plain text SMTP session into an encrypted session protected by TLS.
Fifteen years seems like a long period in Internet time, but non-intrusive protocol changes can take a long time to deploy. Facebook Engineering have done the work to see how that deployment is going with their survey of the current state of SMTP STARTTLS deployment. The results are really quite positive – over three quarters of the mailservers they sent mail to supported STARTTLS, covering nearly 60% of their users. That’s definitely enough to make supporting STARTTLS worthwhile.
More about TLS and encryption tomorrow.

FB email, put a fork in it

Today Facebook quietly put a bullet in the heart of it’s email program. Instead of running mailboxes, mail to Facebook addresses now simply forwarded to the users primary email address. Color me unsurprised.

Confirmation is too hard…

One of the biggest arguments against confirmation is that it’s too hard and that there is too much drop off from subscribers. In other words, recipients don’t want to confirm because it’s too much work on their part.
I don’t actually think it’s too much work for recipients. In fact, when a sender has something the recipient wants then they will confirm.
A couple years ago I was troubleshooting a problem. One of my client’s customer was seeing a huge percentage of 550 errors and I was tasked with finding out what they were doing. The first step was identifying the source of the email addresses. Turns out the customer was a Facebook app developer and all the addresses (so he told me) were from users who had installed his apps on Facebook. I did my own tests and couldn’t install any applications without confirming my email address.
Every Facebook user that has installed an application has clicked on an email to confirm they can receive email at the address they supplied Facebook. There are over 1 billion users on Facebook.
Clicking a link isn’t too hard for people who want your content. I hear naysayers who talk about “too hard” and “too much drop off” but what they’re really saying is “what I’m doing isn’t compelling enough for users to go find the confirmation email.”
This isn’t to say everyone who has a high drop off of confirmations is sending poor content. There are some senders that have a lot of fake, poor or otherwise fraudulent addresses entered into their forms. In many cases this is the driving factor for them using COI: to stop people from using their email to harass third parties. Using COI in these cases is a matter of self protection. If they didn’t use COI, they’d have a lot of complaints, traps and delivery problems.
The next time you hear confirmation is too hard, remember that over 1 billion people, including grandparents and the technologically challenged, managed to click that link to confirm their Facebook account. Sure, they wanted what Facebook was offering, but that just tells us that if they want it bad enough they’ll figure out how to confirm.
HT: Spamresource

Facebook blocking spam: parallels to email filtering

Last month a Dangerous Minds posted numbers that indicated their Facebook posts were reaching fewer users. They suggested that this was a conspiracy by Facebook to make more money and soak small publishers with “exorbitant” advertising fees. I didn’t pay that much attention to it. I use Facebook to communicate with friends. The only commercial entities I “like” or are “friends” with are small local businesses that I shop at.
Today, I see a tweet from Ben Chestnut that looked intriguing.

Deliverability of Facebook.com email addresses

Christopher Penn at What Counts did some testing to see what delivery to Facebook.com addresses looks like. It looks pretty grim.

Put a fork in it

When FB messaging was announced email marketers had a total conniption. There were blog posts written about how FB Messaging was going to kill email as we know it.
Now, slightly more than a year later marketers have declared FB Messaging dead.
Sometimes I think people spend way to much time believing their own press. FB messaging was never designed as a marketing platform. I said as much back in November 2010 when it was announced.

Social marketing

I don’t follow many brands on twitter or facebook. Those that I do are local businesses we actually shop at. It’s been interesting watching these local groups use the social networks to market.
One is The Milk Pail Market in Mountain View. They have a reasonably active Facebook page. How have they been using social marketing?

Brand engagement in social media

Adobe has a good post up about consumer reaction and interaction with brands in social media like Twitter and Facebook.

Facebook Postmaster page

There’s still quite a bit of concern and worry about how the Facebook messaging platform is going to affect marketing. One thing that may help is the Facebook postmaster page. There’s all sorts of good information on those pages, reflecting the years of experience that their messaging team has in running large platforms.
Some points worth mentioning.

One of the strengths of email that instant messaging lacks is asynchronous communication. With email, you send someone a message and they may or may not respond right away. Sending somebody an email means that you are not necessarily expecting an instantaneous reply. In fact, that’s the whole point of not using the phone or instant messaging. You are not expecting your target recipient to be at your beck and call.
Read More

FBox: The sky isn't falling

Having listened to the Facebook announcement this morning, I am even more convinced that emailpocalypse isn’t happening.
Look, despite the fact that companies like Blue Sky Factory think that this means marketers are NEVER EVER going see the inside of an inbox again this isn’t the end of email marketing.
Yes, Facebook email is a messaging platform that marketers are not going to have direct, unlimited and unfettered access to. I have no problem with this. Unfettered access to a messaging platform has been abused by marketers long enough, that I heartily approve of a platform that gives real control back to the recipient.
With that being said, there are a couple blindingly obvious ways to avoid having to give users control of their own inbox.

Emailpocalypse

Apparently emailpocalypse is coming on Monday. That’s when Facebook is going to release their email platform (the one no one knows anything about) and it’s going to DESTROY EMAIL MARKETING AS WE KNOW IT.
Are you ready?
I think my favorite doom and gloom scenario is: Facebook will throw out the book on email deliverability because it will likely be the first mass-user email platform that is whitelist-based. In other words, you will NOT be able to send to a user unless they have given you explicit permission to do so.
THE HORRORS! Marketers are going to have to get PERMISSION TO SEND EMAIL. OH NOES! The SKY! It is falling! Recipients are going to have to actually invite marketers in! They can’t just take permission, they have to be granted it.
Oddly enough, a lot of the folks who are having conniptions are also people who have been preaching permission for years. Really, if they’re already getting explicit permission, then this is no different. It’s just an email platform.
And even if Titan is somehow a total game changer and is going to require explicit permission, it’s not going to destroy email marketing. Everyone who has a facebook account already has another email account. Marketers who can’t get explicit permission to mail to the facebook account can certainly keep sending “permission” email to their other email accounts.

Beware: Phishing and Spam in Social Networks

Trend Micro warns us today about how spam and phishing can hit you even in the closed ecosystem of a social networking system such as Facebook. Malware abounds. And in the social network arena, just like anywhere else, “using your account to send spam” is a common thing for the bad guys to want to do.
In Rik Ferguson’s investigation (which I read about on CNet News), he came across a link to a URL that asked for his Facebook credentials, supposedly necessary to allow installation of a specific Facebook application. Once the credentials were handed over, the app immediately spammed all of his Facebook friends, sending them a bogus notification, attempting to draw them into visiting the phishing/malware URL, with (one assumes) the hope of spreading the infection even wider.
He’s a researcher for Trend Micro, so he knows what he’s doing. But for the rest of us, this highlights how necessary it is to be careful with who you give your usernames and passwords to. In my opinion, it’s never safe to take your username and password from one site and hand it over to another site. Some social networking make the problem even worse by blurring the lines between safe and unsafe by asking for usernames and passwords to third party accounts, but you just can never know with 100% certainty which sites are legitimate and which ones aren’t.
— Al Iverson