
How I Automated “Finding Almost Anyone’s Email Address” - zenlikethat
http://nathanleclaire.com/blog/2013/11/23/how-i-automated-finding-almost-anyones-email-address/
======
Sukotto
I feel conflicted.

On the one hand, it's a cool hack.

On the other hand, once someone starts abusing (and teaching others how to
abuse) a system. The people in charge of the system have to take steps to
protect the system (usually by limiting people's ability to use it). The net
result is that we risk losing an extremely valuable discovery/communication
tool.

On the gripping hand, life is all about accepting and adapting to change. We
should accept that the tools available today might not be available tomorrow.

So I remain conflicted. Doing these sorts of searches by hand might result in
a make-or-break connection for your business. Imho, by automating the
technique we cross the line from _using_ the tool to _abusing_ the tool. And
tools tend to break if you abuse them enough.

But, it's a cool hack.

~~~
chayesfss
You should never share your simple yet effective hacks

~~~
lbr
"Never show anyone. They'll beg you and they'll flatter you for the secret,
but as soon as you give it up... you'll be nothing to them..." Quote from the
prestige about magic.

Agree - I consider myself a social hacker... and I'm constantly tempted to
show off my methods... but I try not to. A trick is more impressive if someone
doesn't know they are being tricked.

And if everyone does it... it looses its magic.

------
lelandbatey
Something I noticed: the terminal background that is being used in the gif at
the top of this page is this one, titled "PC Gaming Master Race."[0]

The origins of the picture/painting comes from the long-standing meme that PC
gaming is superior to all other forms of gaming, thus PC gamers are the
"master race" of all gamers.

The photo depicts Gabe Newell (founder of Valve Software, a longstanding PC-
game oriented studio) and imposing humans representing "PC gamers" standing
atop a glowing city composed of PC gaming rigs. These "PC gamers", led by Gabe
Newell, look down on the "unwashed masses" of all the console gamers as the
console gamers rush to the edges of the city, trying to enter. Gabe Newell is
extending a glowing hand as the console gamers reach out to join the "PC
Gaming Master Race."

... Why did I just explain all this? ...

[0] -
[http://i3.minus.com/i5uZimbT3zJ1t.jpg](http://i3.minus.com/i5uZimbT3zJ1t.jpg)

~~~
sheetjs
His name is Gabe Newell (not Newel)

~~~
lelandbatey
Whoops, sorry about that. Fixed now.

------
npsimons
I've said it before in response to these sorts of articles, and I'll say it
again: if these people wanted random people "cold emailing" (what a weasel
term for spamming), they'd have put their email address in a more accessible
place.

Sure, you always hear the stories of "how I got X interviews by randomly
emailing people", and you can argue it shows technical aptitude, but that
doesn't make it any less scummy, and it completely ignores the dozens
(hundreds?) of people you are now blacklisted by for doing such an asinine
thing.

I tip my hat to the OP of this article for not posting source code (although
if he did, would that accelerate the response to make these sorts of attacks
infeasible?) and for not abusing it (at least by his standards).

~~~
manuelflara
I don't think cold emailing should be considered spam. For me spam has to be

a) random: send a commercial email to any address we can find, doesn't matter
who's is it.

b) massive: if you just send 10-20 emails I wouldn't qualify that as spam.

For example: If I have a product whose customers are startups (they are likely
to improve their lives/business by using my tool), why wouldn't they want me
to figure out their email (using a method like this) and email them about it
directly? They might not be interested, in which case they can delete it, but
it's not like you're sending them generic viagra or enlarge your penis spam.

------
jwcrux
I actually wrote a post a while back doing this exact thing: [http://jordan-
wright.github.io/blog/2013/10/14/automated-soc...](http://jordan-
wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-
rapportive/)

You can find the full script automating the Rapportive API here:
[https://github.com/jordan-wright/rapportive](https://github.com/jordan-
wright/rapportive)

------
Roedou
I'm the author (Rob) of the original post that detailed the hack. A bunch of
people have shared their updates with me, this is probably the most thorough
yet.

As I said when I first published the idea: please use it - and encourage
others to use it - sensibly. I've not seen anyone abusing it so far.

I've also found that when you 'discover' an email this way, you can typically
Google it and find that it was already posted online somewhere.

All in all, I'm glad people are innovating/iterating in this way. The people
worried about 'spam' are really worrying about human nature, not technology.

------
afreak
When Florida got area code 321, Robert Osband managed to use a similar
technique to get +1 321 LIFT-OFF.

[http://viaozz.com/cingularracing.com/story.html](http://viaozz.com/cingularracing.com/story.html)

~~~
pavel_lishin
The HTML on that site is broken, and breaks the story.

------
timdorr
Note, that Rapportive does rate limit their service:
[http://www.quora.com/Rapportive/Does-Rapportive-Rate-
Limit](http://www.quora.com/Rapportive/Does-Rapportive-Rate-Limit)

So, while this does work, you might run into limits depending on your usage.

Interestingly, my company (SalesLoft) does the same thing, but against actual
mail servers. While SMTP is a seemingly simple protocol, the actual
implementation of it can vary greatly and wrangling it is quite a challenge.
But if you can take it on, it works about 60% of the time to get you a working
email address.

------
AznHisoka
I think this will result in very poor conversions.

Getting someone's permission to email you will result in greater success. Find
their Twitter profile or Google+ account, then send them a msg asking if you
can email them about something. The ones that will reply are the ones that
will be interested and read your email anyway.

~~~
lifeisstillgood
thank you - yes.

------
redmattred
I built something similar awhile back with FlipTop's API back when they had a
free version. It took all of 20 minutes for them to shut off API access.

If you're going to wardial for email addresses, you could also just simply try
emailing all of the generated addresses.

~~~
buzzkills
If, like me, you have multiple permutations of your email that actually work
you're going to annoy the recipient quite a bit by emailing them multiple
times using that technique. If this is someone you wish to impress then I'd
advise against this approach.

~~~
sejje
Do it from an email address created specifically for that purpose?

------
berberous
My method: grep the Adobe password leak file for "@company.com".

~~~
serf
but which root@nsa.gov do I email!?

------
nathanb
This doesn't actually find almost anyone's email address, by the way.

A quick search through my employer's database finds five Mark Smiths. None of
them appear to have their social networking profiles linked. Knowing the
<firstname, lastname, company> tuple does not uniquely identify any particular
Mr. Smith, and rapportive gives no clues.

This is especially true for gmail. I have three gmail addresses, and none of
them can be guessed by combining my names in creative ways (not because I'm
paranoid, but because I have never used gmail as my primary address, so I
signed up late enough that nathanb@gmail, et al, were long gone). You will
find many people with my exact <firstname, lastname> combination (I even know
one personally, so <firstname, lastname, city> is equally ambiguous).

While this is an interesting approach (and is probably useful for finding the
email addresses of execs, tech leaders, and people with creative names), it
falls far short of the promised "finding almost anyone's email address".

------
lessnonymous
I've done similar, but without any need for Raportive (though I guess my
method would have a higher error rate and not work for MEGA corps).

You want to get Bob Smith's email at example.com, but you don't know it?
Simply find as many @example.com addresses as you can find then use name
dictionaries to guess the address format.

For example, if you find njones@example.com, pjohnson@example.com,
ffitzgerald@example.com and jane.doe@example.com we can quicky deduce that
example.com uses <firstinitial><surname> as their email template. The Jane Doe
address doesn't fit with every other address we found so we can ignore it.

Now send an email to bsmith@example.com and you're most likely talking to Bob
Smith.

------
cx42net
From our experience, we needed to quickly find email adresses of people in a
company, with an accurate return value, so we built Norbert :
[http://www.voilanorbert.com](http://www.voilanorbert.com)

It's in it's early stage (if you go after 5 tries, you will be requested to
pay via Paypal to enable unlimited access : it doesn't work so far).

We don't plan to gain a lot of money on it, the limit is more to restrict user
about abusing it.

For information about how it works, it simply connect to the mail server,
simulating a email to be sent, and testing if the server answer with a "Email
not found" or "Ok". Depending on the answer, we know if this email exists or
not.

------
r0ash
Simple hack yet very nicely structured content.

However, these kind of cold-marketing techniques will remain bubble.
Personally I think we should practice white-hat techniques, it pays well in
long term.

------
ben_hall
This will stop working after a few days...

------
evandrix
full-disclosure not mentioned in blog @ [http://jordan-
wright.github.io/blog/2013/10/14/automated-soc...](http://jordan-
wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-
rapportive)

------
drakaal
[http://xkcd.com/1279/](http://xkcd.com/1279/)

Why not just do searches for the person's name, and @company.com ?

That won't work for Gmail, but the XKCD explains where this Automation breaks
down.

------
jabagonuts
Finding other peoples email addresses is all good fun, but I had no idea the
chrome developer tools had a "Copy as cURL" feature! I will be using this all
the time now, thank you.

------
aerolite
we've actually been using this hack for months and i'm sure there's a group of
people who also have, who don't write about it. :/

------
gailees
Just one reason we are seeing the death of email and rise of social
networking.

~~~
bhoomit
I agree, we really need a better alternative to the email.

