

Simple script lets you spam all developers on GitHub using their API - danw
https://github.com/simonmaddox/GitHub-Spammer

======
marijn
They provide e-mail addresses over their regular web interface as well. That's
why the e-mail field in the account settings says '(publicly visible!)'. This
guy is not outing a dangerous, unknown vulnerability—he's just making it a
little bit easier for people to behave like obnoxious asses.

~~~
Jabbles
It's a good way of getting your SMTP server blacklisted.

------
oscarduignan
A little while back I got an email from someone using this feature to send out
his résumé! Quite an ingenious use I thought, find all X developers near Y and
send them a friendly form email customised using other details available from
their account (like their name) with your résumé and contact information
attached.

------
alexyoung
I took the basics of this to see what email addresses it really grabs:

<https://gist.github.com/667651>

I don't think it's as bad as the author thinks, given that the GitHub account
settings page has "Email (publicly visible!)".

~~~
petercooper
I've gone in and removed mine. I can't be certain but when I signed up (before
it went fully public, I think) I don't remember it saying the e-mail would
ever be visible (and I used the same unique e-mail address I use for all my
Git work/commits). So it's well worth GitHub users double check what they have
in their profile "just in case" they entered it at a time they though it'd be
private.

