Facebook’s spam prevention systems

Facebook recently posted a blog post explaining their antispam strategy for mitigating abuse.  The crux of the post is the following:

  • Facebook has certain algorithms to shut down abusive accounts
  • It’s nothing personal; they are not shutting down someone’s account based upon a particular social viewpoint
  • Sometimes they block an entire service like bit.ly or Tiny URL

Here’s an excerpt for some of the things they do:

Using information from your reports and what we know about how the average person uses Facebook, we've identified certain common patterns of unacceptable behavior. For example, we've learned that if someone sends the same message to 50 people not on his or her friend list in the span of an hour, it's usually spam. Similarly, if 75 percent of the friend requests a person sends are ignored, it's very likely that that person is annoying others he or she doesn't actually know.

This algorithm is something that spam filters have done for a long time.  Sending lots of the same message to many different people is the hallmark of spam – unsolicited bulk email.  Of course, how do you know that the mail is unsolicited?  With email, if you have opt-in mail lists, then your delivery goes much easier.  This is especially true if you sign up for an accreditation service like ReturnPath.  Thus, in email, it is legitimate behavior to send lots of the same message to people but if the recipients are in your friend list (ie, they all opted in and want to receive your mail), then it isn’t spam.  Email is asynchronous and open so delivery and permissions is more difficult to prove.

Facebook has an advantage in this regard because Facebook is a walled garden, that is, people who don’t have entry cards stay must stay outside the garden whereas those who have membership to the country club can get inside the walls and play croquet.  Facebook’s security settings allow you to disregard/prevent messages from people who you don’t know.  This is a model that I call “Block the world and punch holes for your friends.”  It doesn’t work for email, but it does work for social networking services that are designed allow you to talk to Friends.  The way I view Facebook is that it is private; if someone wants to talk to me, I should know them in real life first or have one or two degrees of separation from them (ie, they are the friend of a friend).   If not, if someone is randomly sending me messages then that goes against Facebook’s entire model (the way I see their model); you have to first earn that circle of trust before you can come into my garden.  You are not allowed random access to that garden.

Thus, for Facebook, sending 50 messages to people not in your Friends list is unusual.  It goes against what Facebook is essentially about.  If you want to randomly contact someone, contact them via email.  Facebook is not your platform for reaching out to people you don’t know and have no connection with.