Facebook Platform Email Sharing API, Proxy Email Service Going Live in 5 Days

We just wrote yesterday about recent updates to Facebook’s Developer Roadmap, the calendar Facebook originally launched last October to give developers a better sense of what’s coming down the Platform product pipeline.

Today, Facebook made another update to the roadmap, announcing that the new Email API will be going live next Wednesday, 20 January. In addition, Facebook has posted new information for developers on how exactly the API will work.

Basically, developers will have 2 options for implementing the new email sharing features:

1) If developers want to make sharing email optional, users will see this extended permissions dialog:

2) If developers want to require users to share their email to use the app, users will see the following prompt:

To help with user education around the new Platform email sharing features, Facebook says it’s going to place the following message above every canvas page of every application for the next three months. This is a pretty aggressive user education campaign, especially in light of the way Facebook has rolled out Platform changes in the past.

In addition, Facebook posted that it is going to give users the option to share their real email address or a proxied email address. According to Facebook,

“In our tests we found that users strongly prefer having the option to share an anonymous email address. In rare cases we will set the default for the dialog to share a proxied email (instead of the user’s actual email address). We will only do this in a small number of cases (if any), based on an algorithm that will auto-detect applications that we suspect might be abusing email addresses.”

This will enable Facebook to maintain some sort of quality control over the email channel – preventing blatant abuse when users choose to share their proxied email address instead of their real one. Here’s what the UI will look like:

Email Policy

In addition, Facebook has posted draft policies for email use. As you may imagine, Facebook is prohibiting the reselling of user email addresses, requiring CAN-SPAM Act compliance, and requiring a privacy policy. We’ll be watching this area closely to see how both users, developers, and the privacy community handle the situation. Obviously, once a user delivers their primary email address directly to a third party, there’s nothing Facebook can do to stop abuse, other than punish known abusers with Platform restrictions or suspensions.

Here are Facebook’s draft email policies:

a. You must not give or sell users’ email addresses to any third party or affiliate.
b. You must comply with the provisions of the Federal Trade Commission’s CAN-SPAM Act and all other applicable spam laws (e.g., provide a visible and operable unsubscribe mechanism and honor opt-out requests within 10 days).
c. You must explain clearly to users, in a privacy policy or elsewhere in a conspicuous place, how you will use their email addresses.
d. Emails you send must clearly indicate that they are from you and must not appear to be from Facebook or anyone else. For example, you must not include Facebook logos or brand assets in your emails, and you must not mention Facebook in the subject line, “from” line, or body header.
e. All emails to users must originate from the same domain, and you must provide us with the name of that domain in the Facebook Developer application used to manage your application.

We’ll of course have more details as Facebook continues to roll out Platform changes.