Posted by: rolfsky | May 28, 2008

trusted email: facebook’s unintentional legacy?

Even if Facebook implodes in upon itself, the concept of an inbox limited to the “trusted few” may lay the groundwork to finally destroy spam.

Back in the days of old on the proto-internet, each major manufacturer had its own variant of “email”, and these variants were largely incompatible. Passing messages between two users of the same system was easy, which was fine as long as everyone was on the same system. But everyone wasn’t on the same system, and eventually an “open” standard was declared so messages could be exchanged with users of different software.

To simplify things, just imagine for a moment that your email address wasn’t always “”, but could have also been:

  • JoeUser@[]
  • servOne!mail!!JoeUser
  • X400:c=US;;o=DOMAIN;s=User;g=Joe;

The standardization of email addressing allowed a wonderful thing: people using different systems could place emails in each others’ inboxes.

As I’ve mentioned before, each invention is an opportunity for someone to get ahead. Usually the first people to explore this are scam artists.

With the invention of email, scam artists realized that by addressing items to, it would eventually end up in Joe User’s inbox. This inbox is a place that Joe User expects to find relevant information and pays a lot of attention to.

Unfortunately, the only protection on this inbox was security-by-obscurity which is only slightly better than asking nicely. In essence, email’s greatest asset was also its greatest liability: Joe has no control over what gets put in his inbox!

With relatively simple “keys” (the short set of letters before the @ symbol), absolutely ANYONE in the world can put something directly in your field of vision.

GAME OVER. Protect your email address like you’d protect your PIN number because nothing can save you from the teeming masses who want to cram your inbox with crap.

Over time, slowly but surely, spam has decreased the effectiveness of email. What used to be a pristine environment composed of only content that mattered to you is now a place where you can get “no relief”.

But then along came Facebook, and the net-generation decided that a spam-free, protected “Inbox” was better than a public “admit anyone” inbox.

The older generation HOWLs that these kids don’t know what they’re doing! We gape in astonishment that they would rather use a PRIVATE system available only on the web! Don’t they know better?

But the more you think about it… isn’t it kind of silly to have an inbox that just ANYbody can post to? No wonder we get so much spam: we’re just sitting there collecting dirt.

Of course, this will all get built into the system just as was a simplification of“,”.

As the concept of creating and maintaining a “friends list” becomes more mainstream, we have already pre-populated our whitelist of email addresses. Before, maintaining a whitelist of accepted senders was a tedious process few people had the time and energy to pursue. Now, we’ll simply suck that whitelist from a small collection of network utilities like Facebook, MySpace, LinkedIn and maybe even eBay.
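A sketch of the friends-list-as-whitelist idea, added here as an example and not part of the original post: the network names, addresses and the `mx.example.invalid` server id are constructed. It also requires a DMARC pass recorded by the receiving server, because a From address on its own can be forged to match a friend.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample data: friend lists exported from two hypothetical networks.
FRIEND_LISTS = {
    "network_a": ["Alice@Example.org", "bob@example.net "],
    "network_b": ["bob@example.net", "carol@example.com"],
}
# Assumption: our own mail server stamps Authentication-Results with this id
# and strips any copy of that header supplied by the sender.
AUTHSERV_ID = "mx.example.invalid"

def normalize(addr):
    """Trim and lower-case so one friend matches across networks."""
    return addr.strip().lower()

def build_allowlist(friend_lists):
    """Merge every network's friend list into one set of accepted senders."""
    return {normalize(a) for friends in friend_lists.values() for a in friends}

def sender_authenticated(msg):
    """True only if our own server recorded a DMARC pass for the From domain."""
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = str(header).partition(";")
        if server.strip() == AUTHSERV_ID and "dmarc=pass" in results.lower():
            return True
    return False

def triage(raw, allowlist):
    """'inbox' for authenticated mail from a friend, otherwise 'quarantine'."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    if normalize(addr) in allowlist and sender_authenticated(msg):
        return "inbox"
    return "quarantine"

def make(auth, sender):  # builds a constructed sample message
    return (f"Authentication-Results: {AUTHSERV_ID}; dmarc={auth}\n"
            f"From: {sender}\nSubject: hello\n\nbody\n")

ALLOW = build_allowlist(FRIEND_LISTS)
FRIEND = make("pass", "Alice <alice@example.org>")
FORGED = make("fail", "Alice <alice@example.org>")   # friend's name, spoofed
STRANGER = make("pass", "promo@bulk.invalid")        # authentic, but no friend

if __name__ == "__main__":
    for name, raw in [("friend", FRIEND), ("forged", FORGED), ("stranger", STRANGER)]:
        print(name, "->", triage(raw, ALLOW))
```
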

The greatest aid to adoption is to recognize and reuse effort that people are investing anyway. Don’t push to change behavior, deliver value from what people are already doing.


  1. This is a fascinating insight. It was initially hard for me to imagine why this model would now be successful when email whitelisting services have been so poorly adopted previously. However, you imply one reason, and state another: the next generation is going to expect it as a feature given their experience with websites like Facebook, and social networking sites will allow us to create our whitelists in *context* rather than as dry static documents.

    One challenge I see with the latter is that social networks have very little incentive to open up their social networking data until there are enough 3rd party services doing it (I know there are already a few aggregation services) to force their hand. There is a rabbit hole here around who should own that data to begin with, but we’ll bypass it for now. One hope is that someone like Google will come along and be big enough to make everyone standardize: If that were to happen, I think your social network -> whitelist would be a shoo-in.

    One final thought… Over the last several years I’ve told more people that security through obscurity isn’t a valid model. It astounds me that I never put it together that email is based on that concept and why that is so flawed. That’s a powerful perspective shift, thank you.

  2. Another idea or two tumbled out of a conversation with a friend about the Google API.

    If at some point you can transfer your social networking information freely between sites, you will then be able to update your contact information in one place and have it propagate to all the others. Not only that, it would only update for the people that you had designated as having privileges. What if we imagined corporations having their own social network “profiles” that you could friend? You could then potentially share your address with REI, Zappos, Amazon and eBay (and perhaps have explicit permissions-based control over what they do with that information) but not friend companies whose privacy policies you don’t trust.

    This presumes that the various social networks using the API will adhere to whatever the built-in permissions system is and not simply publish everything to everyone. Yet another rabbit hole (skirted earlier) here around customer trust as a corporate asset, and how transparency can help or hinder that.

    It is strangely freeing to think about being able to change my email address, website, blog title, avatar name, cell phone number, etc. at will without ever having a friend lose track of any of it.
