
Show HN: Find the email address of any GitHub user - hodgesmr
https://github.com/hodgesmr/FindGitHubEmail/
======
bitsweet
You can get any email for a developer from their commits in the json
api...companies like Entelo & TalentBin have discovered this a long time ago
and appear to be reselling them to recruiters for about $500 a month. If you
have seen an uptick in recruiter spam lately, now you know why.

What is interesting is I believe its illegal (can-spam) to email someone if
_you_ harvested their email programmatically...but seems to be a clever hack
around the law for a company to sell off a harvested emails to be emailed by
someone else.

~~~
eli
> _I believe its illegal (can-spam) to email someone if you harvested their
> email programmatically_

Nope. You can email pretty much anyone in America, regardless of how you
acquired the address (and provided you meet various other requirements about
headers and content). The biggest criticism against CAN-SPAM is that it could
be viewed as a license for every business to spam the planet exactly once
(after that you have to start worrying about opt-outs).

Edit: Oops, now I'm not so sure... see below.

~~~
dangrossman
The CAN-SPAM Act has specific prohibitions (and extra harsh sentencing
guidelines) for spamming harvested (or "dictionary attack") e-mails. Even if
you meet all the other requirements to legally send unsolicited commercial
e-mail, harvesting the addresses makes it illegal.

<https://www.projecthoneypot.org/law_of_harvesting.php>

<http://www.ftc.gov/os/caselist/0723041/canspam.pdf>

------
NelsonMinar
Thanks for the useful tool! Email addresses are not secrets, and I can't count
the hours I've wasted trying to email some developer who thinks that by
keeping his email address off of his blog that he'll get less spam.

~~~
acjohnson55
To be fair, you will get slightly less spam

~~~
zem
but your ratio of genuine-email-from-strangers to spam will plummet sharply.

------
tsm
I'm always fascinated when something like this appears on HN and it turns out
to be a dozen lines of bash. I could easily imagine writing a hundred lines of
a "better" language (Python, CL, Ruby...)to do the same thing. I guess it just
speaks to the unreasonable effectiveness of Unix tools for certain classes of
problems.

~~~
ralph
It could be better bash, e.g. using [[ instead of [. Also,

    
    
        curl -s https://api.github.com/users/$2/events/public |
        grep "\"gravatar_id\":" |
        sed -e's/[,|"]//g' |
        head -n 1 |
        awk '{print $(NF)}'
    

can be

    
    
        curl -sS https://api.github.com/users/$2/events/public |
        sed -n '/"gravatar_id":/!d; s/",//; s/.*"//p; q'
    

and so on.

~~~
hodgesmr
Pull requests are always welcome :)

------
adamsmith
I thought this was going to be a reverse-MD5 on their gravatar url.
Interesting to know this is there, too!

(As a possible improvement you could also take all possible matches and
compare their MD5's to the gravatar URL.)

~~~
bcuccioli
<https://github.com/hodgesmr/FindGitHubEmail/pull/5>

I'm not really that familiar with bash scripting so this might be a mess.

------
nutanc
A small semantic question. If it is just one line of code snippet, doesn't a
gist make more sense than a github project

~~~
hodgesmr
Perhaps. This was something I threw together around midnight last night.
Instinctively I made a git repo, no knowing what it would turn in to.

------
hoop
This feels like nothing more than linkbait with no value-add. Emails are
public on Github anyways, so simply browsing to github.com/<username> will
show the users registered address. I guess it's almost interesting that it can
be done programmatically, but I never suspected anything less.

~~~
roryokane
Not everyone includes their email in their GitHub profile. For instance, the
creator of this tool’s profile at <https://github.com/hodgesmr> does not
include his email address.

This tool does not rely on email addresses being in profiles. It can look up
the email addresses used in commits in the user’s repos, and use heuristics to
choose the most likely one.

~~~
hoop
Thanks for the clarification

------
bdcravens
Title should be corrected, as it doesn't get the email address of all users,
only those with public activity. A team member on a private org repo I'm a
part of has no public activity on Github, and no email is returned, even using
-a.

------
cliftonmckinney
Auto-delete all messages that contain the phrase "my client" and you'll
eliminate 90% of spammy recruiter emails in my experience.

That's the goal, right? If the recruiter had an amazing, what you've always
wanted kind of job for you, you'd probably want to hear about it. But if that
were the case he'd take the time to find out what that opportunity looks like,
and he'd probably just tell you the company instead of all the "my client"
stuff.

~~~
nedwin
Emails from lawyers also frequently contain the phrase "my client". You might
not want to automatically delete those ones.

------
derefr
Interesting, but GitHub is the place I'm _least_ likely to want to email
someone--since GitHub's staff is actually willing to deal with things like
username squatting by defunct accounts.

On the other hand, if someone could tell me how to get someone's email address
from their Tumblr or Twitter, I'd be eternally grateful. Stonewalls from both
on the username-squatting front.

------
twistedpair
Pretty obvious to those of us who use GitHub. Commit to a public repo under
your email and people can see it? Not news.

~~~
hoop
You don't even have to commit. Simply having a github account means your email
address is public; it even says this on the "Edit your profile" page.

------
railsshetty
Here goes my Version used to fetch the email addresses of your followers :)

[https://github.com/rShetty/Scriptomaniac/blob/master/github....](https://github.com/rShetty/Scriptomaniac/blob/master/github.sh)

------
bdcravens
Running it against my username, the first email address it pulls is the email
of someone who contributed to one of my projects, not mine. (using -a does
also include my address)

~~~
bcuccioli
Try -g ;)

------
scoot
Honest question - why is this news? (And why was it also news yesterday?)

~~~
benblodgett
I don't think it is as much news as a hack (which is completely relevant for
this forum). The reason for its attraction is because most of the demographic
here utilizes github and cares about privacy.

~~~
nthitz
if privacy is a concern, don't make commits to a public repository

~~~
nmridul
Thats exactly why its a news. Many didn't realize that the email and other
particulars would be out in the open.

Its like knowing that my details are now public because I posted on HN when I
expect only my posts to be public ... (Just an example as HN doesn't require
an email id)

