As you have no doubt heard, Facebook abruptly reset every user’s displayed email address to [something]@facebook.com. In theory, every user’s address was reset to a unique Facebook ID # or, according to the Washington Post:
For those who have established a vanity URL for their Facebook pages, that means the e-mail address mirrors their Web domain name. (For example, someone whose Facebook page had the address facebook.com/jane.doe would be assigned the e-mail address email@example.com.)
Some people are understandably concerned about the ease with which Facebook users can now be spammed:
You know that, oh, about 900 million people use Facebook — and almost all use their real names. So, you know that if you put a real name (minus the space) in front of @facebook.com, most likely those users will get that email.
Now, do those users have email rules? No. Do those users have junk filters? No. Do those users have any defense at all, even the ability to turn off getting email? No. No. No. No.
Thanks, Facebook. You just [expletive deleted] us up the [expletive deleted]. [Expletive deleted] you!
Now let’s see just how deep the rabbit-hole goes.
My curiosity was piqued when Facebook botched the assignment of my email address. I have a ‘vanity’ URL, but I was nevertheless assigned an email address incorporating my Facebook ID #. Two grabs from the same screenshot:
So I began to investigate: what would happen if I messaged firstname.lastname@example.org, even though it didn’t show up as my assigned email address? So I tried it. And it worked – a message showed up in my inbox. Then I tried 623907 – my ID # – @facebook.com, the address that showed up on my info page. That worked, too.
Now, I was really curious. Time to try the reverse. I went to a friend’s Facebook page that showed her vanity URL had successfully been converted into a vanity email address. Next, I figured out her Facebook ID (in the URL, I replaced ‘www’ with ‘graph’ – you can do it for anyone), and sent an email to [her ID number]@facebook.com from my Gmail account.
Here’s what happened:
Hardly earth-shattering messages, but you can see – I left a number visible on top and a letter visible on the bottom – she responded to an email sent to her ID number with an email sent from her vanity email address.
In other words, a potential spammer doesn’t have to make up names and stick them in front of ‘@facebook.com’ to send mass emails; all he needs to know is your unique ID #.
And if he is a typical spammer – which he is – meaning he doesn’t really care who you are, he doesn’t even need a unique ID number: he can just send messages to any number, followed by @facebook.com. My ID # is just 6 digits long. That’s shorter than a phone number. This could be hell.
I came online to write about the pending Supreme Court decision on Health Care and I wrote about Facebook… again. Look what you’ve turned me into, Mark Zuckerberg.