Will Facebook email kill off spam? Far from it..

Graham Cluley
Graham Cluley
@[email protected]

Later today, Facebook is widely predicted to announce a new email system for its 500 million users.

Invitation to Facebook announcement

Some commentators, such as Craig Newmark of Craigslist fame, are already predicting that a Facebook email service will go further than being a Gmail-killer, and actually raises hopes of a spam-free future too.

Umm.. I think everybody needs to calm down a little. Because it’s time for a reality check.

Sign up to our free newsletter.
Security news, advice, and tips.

Newmark writes about the (let’s not forget, as-yet-unannounced) Facebook email service:

you might tell Facebook email to only accept email from people with Facebook-verified identities. You might have different levels of email priority, from friends, fans, friends of friends, and so on.

(People might link their outside email addresses with their Facebook profiles, and you might choose to accept those.)

Spammers can create their own Facebook identities to try to work around this, but that’s way more expensive than getting temporary email addresses, and that raises the cost of spamming people.

If Facebook does introduce an email service, let’s call it “FMail” for reasons of cuteness, then it won’t be the end of spam. It may, however, mean more of a different kind of spam.

As we revealed in our security threat report earlier this year, reports of spam attacks occurring via social networks have been rising dramatically.

Social networking attacks

Cybercriminals are compromising the accounts of Facebook users, and using their accounts to spread spam messages. It could be argued that using this method of spreading spam is more effective than traditional email spam, because users are more likely to open and trust a message which appears to have been sent by someone they know – one of their Facebook buddies.

So, just because you receive a message from a verified Facebook user who you have already connected with doesn’t mean that the email is kosher. All it means is that the Facebook account was used to send the spam.

More emphasis by Facebook on email could mean that the social network becomes even more attractive for spammers to abuse.

Others, including such luminaries as Bill Gates, have predicted the death of spam in the past. Hopefully others will learn to be a little more cautious with such predictions in future.

Don’t forget, cybercriminals are like a horde of hungry lions looking for their next meal. If they see a whole bunch of zebras (users) congregating in one place (Facebook) for a quick drink at the waterhole, don’t be surprised if they focus their attention there. Spam makes the bad guys money, so they’re going to carry on finding ways to send spam for as long as they can.

We’ll certainly be watching Facebook’s announcement later today about Fmail with interest, and will be keen to see what they have to say about email security.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.