38 comments

[ 4.2 ms ] story [ 45.0 ms ] thread
You can get any email for a developer from their commits in the json api...companies like Entelo & TalentBin have discovered this a long time ago and appear to be reselling them to recruiters for about $500 a month. If you have seen an uptick in recruiter spam lately, now you know why.

What is interesting is I believe its illegal (can-spam) to email someone if you harvested their email programmatically...but seems to be a clever hack around the law for a company to sell off a harvested emails to be emailed by someone else.

> I believe its illegal (can-spam) to email someone if you harvested their email programmatically

Nope. You can email pretty much anyone in America, regardless of how you acquired the address (and provided you meet various other requirements about headers and content). The biggest criticism against CAN-SPAM is that it could be viewed as a license for every business to spam the planet exactly once (after that you have to start worrying about opt-outs).

Edit: Oops, now I'm not so sure... see below.

> If you have seen an uptick in recruiter spam lately, now you know why.

Thank you, I was wondering how so many managed to find my e-mail.

of all spam - I like job offers (however misguided) the most.
Honest question - why is this news? (And why was it also news yesterday?)
I don't think it is as much news as a hack (which is completely relevant for this forum). The reason for its attraction is because most of the demographic here utilizes github and cares about privacy.
if privacy is a concern, don't make commits to a public repository
Thats exactly why its a news. Many didn't realize that the email and other particulars would be out in the open.

Its like knowing that my details are now public because I posted on HN when I expect only my posts to be public ... (Just an example as HN doesn't require an email id)

I thought this was going to be a reverse-MD5 on their gravatar url. Interesting to know this is there, too!

(As a possible improvement you could also take all possible matches and compare their MD5's to the gravatar URL.)

Thanks for the useful tool! Email addresses are not secrets, and I can't count the hours I've wasted trying to email some developer who thinks that by keeping his email address off of his blog that he'll get less spam.
To be fair, you will get slightly less spam
but your ratio of genuine-email-from-strangers to spam will plummet sharply.
I'll take that over the wasted hours spent blacklisting idiots, looking up ASNs for ISPs that don't give a shit, filling in abuse forms, maintaining and testing DKIM & ADSP policies, etc. etc. If I want you to have my email address I'll give it to you.
I'm always fascinated when something like this appears on HN and it turns out to be a dozen lines of bash. I could easily imagine writing a hundred lines of a "better" language (Python, CL, Ruby...)to do the same thing. I guess it just speaks to the unreasonable effectiveness of Unix tools for certain classes of problems.
Ruby uses `` to execute installed programs, which is the best part of bash. I'd say Ruby rivals bash in this sense.

  | I could easily imagine writing a hundred lines
  | of a "better" language
You could easily do much of the same things (probably in a similar number of lines) using system calls in other languages.
It could be better bash, e.g. using [[ instead of [. Also,

    curl -s https://api.github.com/users/$2/events/public |
    grep "\"gravatar_id\":" |
    sed -e's/[,|"]//g' |
    head -n 1 |
    awk '{print $(NF)}'
can be

    curl -sS https://api.github.com/users/$2/events/public |
    sed -n '/"gravatar_id":/!d; s/",//; s/.*"//p; q'
and so on.
Pull requests are always welcome :)
(comment deleted)
A small semantic question. If it is just one line of code snippet, doesn't a gist make more sense than a github project
Perhaps. This was something I threw together around midnight last night. Instinctively I made a git repo, no knowing what it would turn in to.
Pretty obvious to those of us who use GitHub. Commit to a public repo under your email and people can see it? Not news.
You don't even have to commit. Simply having a github account means your email address is public; it even says this on the "Edit your profile" page.
Auto-delete all messages that contain the phrase "my client" and you'll eliminate 90% of spammy recruiter emails in my experience.

That's the goal, right? If the recruiter had an amazing, what you've always wanted kind of job for you, you'd probably want to hear about it. But if that were the case he'd take the time to find out what that opportunity looks like, and he'd probably just tell you the company instead of all the "my client" stuff.

Emails from lawyers also frequently contain the phrase "my client". You might not want to automatically delete those ones.
Interesting, but GitHub is the place I'm least likely to want to email someone--since GitHub's staff is actually willing to deal with things like username squatting by defunct accounts.

On the other hand, if someone could tell me how to get someone's email address from their Tumblr or Twitter, I'd be eternally grateful. Stonewalls from both on the username-squatting front.

This feels like nothing more than linkbait with no value-add. Emails are public on Github anyways, so simply browsing to github.com/<username> will show the users registered address. I guess it's almost interesting that it can be done programmatically, but I never suspected anything less.
Not everyone includes their email in their GitHub profile. For instance, the creator of this tool’s profile at https://github.com/hodgesmr does not include his email address.

This tool does not rely on email addresses being in profiles. It can look up the email addresses used in commits in the user’s repos, and use heuristics to choose the most likely one.

Thanks for the clarification
Running it against my username, the first email address it pulls is the email of someone who contributed to one of my projects, not mine. (using -a does also include my address)
Title should be corrected, as it doesn't get the email address of all users, only those with public activity. A team member on a private org repo I'm a part of has no public activity on Github, and no email is returned, even using -a.