From Facebook Developer Wiki

Contents 1 Description 2 Estimated Timing 3 Details 3.1 Setting the domain 3.2 If you want to make sharing the user's email address optional 3.3 If you want to require a user's email address for your application to work 3.3.1 User Flow 3.4 User Education 3.5 Proxied email 4 Policy 5 Example 6 FAQs

Description

We're excited to announce that you will soon have the ability to ask users for their primary Facebook email addresses, providing you with a direct channel to communicate with your users. This will also serve as a replacement for application-to-user notifications. (We think that Counters and the new News functionality will serve as a better replacement for user-to-user notifications.)

Right now we're testing a number of different product flows to ensure that users understand the process, and that it's also as lightweight as possible.

Estimated Timing

Live on Wednesday, January 20, 2010

Read more about the announcement in the blog post, and check out the documentation.

Details

We’re planning to launch the ability to request a user's email address soon, and wanted to give you a preview into how it will function. We’re still finalizing a few of the details and exact language that will be used in the dialogs, but this is how most of the functionality will work.

Setting the domain

In order to request users share their email addresses, you will need to set the domain that your emails will be coming from via a setting in the Developer application. This is to safeguard against users' email addresses being sold to third parties. Any developers found violating this policy will have their applications immediately and permanently disabled.

There will be two ways you can ask a user to share their primary Facebook email address with you:

If you want to make sharing the user's email address optional

How: Prompt for the email extended permission. Today if you request the email extended permission, users see a dialog that prompts them to share their proxy email address. We’re changing this dialog so that now users will have the option to provide their actual email address. If you currently request the email proxy extended permission, you only need to set the domain that your emails will be coming from in the Developer application and users will be prompted to share actual email addresses instead. (We will no longer be supporting a proxy-only extended permission.)

The new permission prompt will look something like this:

Note: These mocks are still subject to change between now and final launch.

If you want to require a user's email address for your application to work

1. Set the domain that your emails will be coming from via the setting in the Developer application.
2. Pass an additional parameter to require_login() indicating that email is required. We are still finalizing what this parameter will be named. (Note: this is not a breaking change. If you do not pass us this additional parameter, nothing will change.)
   
   

User Flow

For new users: After clicking Allow on the initial authorization dialog (or signing in via Connect), new users will see a second screen where they are prompted to share their email address.

• Applications on Facebook.com: A second dialog appears after the user authorizes the application.

• Connect integrations: A second dialog appears after the user clicks Connect in the Connect dialog.
  
  • We don't currently have a mock for this dialog, but it will probably look similar to the dialog for applications on Facebook.com.

For users who have already authorized your application/Connect integration: Since they have already authorized the application, they will be immediately directed to the email dialog described above (the same screen that new users see).

User Education

To help encourage users to share their email addresses with the applications that they trust, we’re going to add a dialog to the top of every canvas page promoting the new feature. We will display these dialogs to all canvas application users -- on every application they visit -- for their next three sessions with each application. We’ll leave these dialogs up for three months after we launch email functionality, so that a user will see the prompt any time they visit your application during this period.

Note: This dialog will not display until you specify in the Developer application the domain from where you will send email.
The dialog will look something like this:

Proxied email

Instead of allowing your apps to ask for only a user's proxied email address, we're giving users the ability to choose between a proxied email address or their actual address. In our tests we found that users strongly prefer having the option to share an anonymous email address. In rare cases we will set the default for the dialog to share a proxied email (instead of the user’s actual email address). We will only do this in a small number of cases (if any), based on an algorithm that will auto-detect applications that we suspect might be abusing email addresses.

Policy

Here are the policies that you must abide by if you choose to request a user's email address. (These policies will be added to the Developer Policies and Principles later today.)

Violation of these policies will lead at minimum to a warning, and in many cases having your application disabled. Egregious violations will lead to permanent disablement.

We highly encourage you to read through these (and the details of the CAN-SPAM Act very carefully. CAN-SPAM is a federal law that you must abide by if you wish to send emails, and carries significant penalties (including fines and even imprisonment) if violated. We will be providing additional resources to help you understand CAN-SPAM over the next several weeks.

Policies
a. You must not give or sell users’ email addresses to any third party or affiliate.
b. You must comply with the provisions of the Federal Trade Commission’s CAN-SPAM Act and all other applicable spam laws (e.g., provide a visible and operable unsubscribe mechanism and honor opt-out requests within 10 days).
c. You must explain clearly to users, in a privacy policy or elsewhere in a conspicuous place, how you will use their email addresses.
d. Emails you send must clearly indicate that they are from you and must not appear to be from Facebook or anyone else. For example, you must not include Facebook logos or brand assets in your emails, and you must not mention Facebook in the subject line, “from” line, or body header.
e. All emails to users must originate from the same domain, and you must provide us with the name of that domain in the Facebook Developer application used to manage your application.

Example

You can find an example of the new permission on the fbFund Page.

FAQs

Will applications be able to access a user’s friends’ email addresses?
Users will have the ability to share their own email addresses with developers. Users will not be able to share their friends’ email addresses.

What impact will Facebook’s new privacy models have on a developer’s ability to access user emails?
Facebook's new privacy model will not have any effect on a developer's ability to ask a user for their email address -- they're completely separate product announcements.

Given the new privacy options, can users automatically opt out of sharing their email addresses with developers?
Users will never automatically give their email addresses to developers; they will always be prompted to share their actual email address, or a proxy for it. There is currently no setting for them to permanently opt-out from this choice.

What will happen with proxied emails that have already been granted to an application?
If a user has already granted the email proxy extended permission to an application, the application will continue to be able to send emails to that proxied email address.

What if I don't want to ask for users' actual email addresses and only want to request proxy email addresses?
At the moment you cannot choose to request only proxy email addresses. You also cannot choose which option the dialog defaults to.

When are notifications going away?
We plan to deprecate application-to-user notifications approximately 30 days after launch.

How will I find out if a user doesn't want me to email them anymore?
In order to send emails to users you must be legally compliant with CAN-SPAM, which means you must provide unsubscribe functionality on every email you send them (in addition to other requirements). Users will inform you directly via this link.

I have an application on Facebook.com, and I don’t want the dialog that prompts users to share their email address to appear on my canvas pages. How do I turn it off?
This dialog will show up for all developers who request email addresses. If you do not add the domain that emails will be sent from in the Developer application, then the dialog will not appear (and you will not be able to request access to email).

How does Facebook plan to communicate the change regarding emails and developers to users?
Facebook will continue to update the Developer Roadmap to communicate upcoming changes to developers, as well as announcing major updates to our Blog.

To inform users we will add a post to the Facebook blog, as well as adding detailed information about the changes to our | user Help Center.