You can get any email for a developer from their commits in the json api...companies like Entelo & TalentBin have discovered this a long time ago and appear to be reselling them to recruiters for about $500 a month. If you have seen an uptick in recruiter spam lately, now you know why.
What is interesting is I believe its illegal (can-spam) to email someone if you harvested their email programmatically...but seems to be a clever hack around the law for a company to sell off a harvested emails to be emailed by someone else.
> I believe its illegal (can-spam) to email someone if you harvested their email programmatically
Nope. You can email pretty much anyone in America, regardless of how you acquired the address (and provided you meet various other requirements about headers and content). The biggest criticism against CAN-SPAM is that it could be viewed as a license for every business to spam the planet exactly once (after that you have to start worrying about opt-outs).
The CAN-SPAM Act has specific prohibitions (and extra harsh sentencing guidelines) for spamming harvested (or "dictionary attack") e-mails. Even if you meet all the other requirements to legally send unsolicited commercial e-mail, harvesting the addresses makes it illegal.
Thanks for the useful tool! Email addresses are not secrets, and I can't count the hours I've wasted trying to email some developer who thinks that by keeping his email address off of his blog that he'll get less spam.
I'll take that over the wasted hours spent blacklisting idiots, looking up ASNs for ISPs that don't give a shit, filling in abuse forms, maintaining and testing DKIM & ADSP policies, etc. etc. If I want you to have my email address I'll give it to you.
I'm always fascinated when something like this appears on HN and it turns out to be a dozen lines of bash. I could easily imagine writing a hundred lines of a "better" language (Python, CL, Ruby...)to do the same thing. I guess it just speaks to the unreasonable effectiveness of Unix tools for certain classes of problems.
This feels like nothing more than linkbait with no value-add. Emails are public on Github anyways, so simply browsing to github.com/<username> will show the users registered address. I guess it's almost interesting that it can be done programmatically, but I never suspected anything less.
Not everyone includes their email in their GitHub profile. For instance, the creator of this tool’s profile at https://github.com/hodgesmr does not include his email address.
This tool does not rely on email addresses being in profiles. It can look up the email addresses used in commits in the user’s repos, and use heuristics to choose the most likely one.
Title should be corrected, as it doesn't get the email address of all users, only those with public activity. A team member on a private org repo I'm a part of has no public activity on Github, and no email is returned, even using -a.
Auto-delete all messages that contain the phrase "my client" and you'll eliminate 90% of spammy recruiter emails in my experience.
That's the goal, right? If the recruiter had an amazing, what you've always wanted kind of job for you, you'd probably want to hear about it. But if that were the case he'd take the time to find out what that opportunity looks like, and he'd probably just tell you the company instead of all the "my client" stuff.
Interesting, but GitHub is the place I'm least likely to want to email someone--since GitHub's staff is actually willing to deal with things like username squatting by defunct accounts.
On the other hand, if someone could tell me how to get someone's email address from their Tumblr or Twitter, I'd be eternally grateful. Stonewalls from both on the username-squatting front.
Running it against my username, the first email address it pulls is the email of someone who contributed to one of my projects, not mine. (using -a does also include my address)
I don't think it is as much news as a hack (which is completely relevant for this forum). The reason for its attraction is because most of the demographic here utilizes github and cares about privacy.
Thats exactly why its a news. Many didn't realize that the email and other particulars would be out in the open.
Its like knowing that my details are now public because I posted on HN when I expect only my posts to be public ... (Just an example as HN doesn't require an email id)
What is interesting is I believe its illegal (can-spam) to email someone if you harvested their email programmatically...but seems to be a clever hack around the law for a company to sell off a harvested emails to be emailed by someone else.