
Gradberry Spamming GitHub Users - JoshTriplett
Gradberry appears to be mass-spamming contributors to various github repositories.  See http:&#x2F;&#x2F;pastebin.com&#x2F;mmjkUY0w for one example, and https:&#x2F;&#x2F;twitter.com&#x2F;jacobian&#x2F;status&#x2F;585287293860093952 for another.
======
swang
Omniref also spammed me via either npm or github, telling me my project was on
their site and that I should "claim" ownership for the documentation for it.
Omniref is also a YC startup.

I found it pretty annoying because they're essentially telling me to claim
'ownership' of it and splintering where people should be getting help from. At
least my library isn't that popular anyways otherwise I'd be much more angry
(and more annoyed)

So I guess essentially YC is advising their companies to start spamming
developers?

~~~
haakon
Sounds like "growth hacking" to me. Basically a fancy word for "spam from a
startup".

------
iba99
Hi guys, founders here, we genuinely apologize to the community for for doing
this. As a lesson to other founders and startups, here is exactly how it
happened:

\- Through github, we selected a total of 200 devs (13-14 from each repo that
correlated with an open position)- based on their commits, prior experience,
etc- If they seemed like the right fit for the position, we sent them an
email.

It was a dumb decision, period. And we promise to never do this sort of thing
again. Recruiter spam (or any other sort of spam) sucks, and we should have
known better. Lesson learnt.

~~~
trcollinson
Your honesty is admirable. But this delves into a much deeper question. What
exactly makes you different from every other recruitment house? Companies come
looking for talent and pay a fee or a percentage for the people they find. You
have a database of talent which is curated based on some way of looking at
github commit history. I guess I can see how that can be quite useful when
trying to hire someone.

But then from this situation it looks like you aren't getting the type of
talent you need to fill the positions you have. So you did what most
recruitment firms do. You sent out a form letter trying to get the best talent
you could find (like the Director of Security for Heroku) to sign up for your
service to keep the companies that are looking for happy.

I am not trying to make you look bad or whatnot. You've already apologized.
But I (and I would imagine quite a few others here on HN) use a lot of
recruitment services either to be hired or to hire others. Can you talk a bit
as to how you plan to be different and find or place that talent better in the
future?

------
chinathrow
Spammy startups are becoming more common these days, both US based and Europe
based.

What these spammy startups not know or simply ignore: spamming anyone in
Europe without prior consent (e.g. opt-in for newsletter) is against the law
and therefore illegal and ripe for legal action.

~~~
Symbiote
The recommended first step from the UK Information Commissioner's Office [1]
is to ask the company to stop. The next step is the ICO asks them to stop.

The second step was very effective at ending the daily texts I was getting
from a local pizza place.

[1] [https://ico.org.uk/for-the-public/online/spam-
emails/](https://ico.org.uk/for-the-public/online/spam-emails/)

------
jsmeaton
This is really really gross spamming. Especially so because they are targeting
potential customers/users that would be vehemently against this kind of spam
in the first place. It's really extremely stupid and unethical.

Interesting to note that YC backed this company. I wonder if YC were aware of
their user gathering methods (doubtful).

------
haakon
I hate GitHub spam. One of them told me basically "we saw you had one commit
in that repo a year ago so you're obviously a core developer with that project
so this is not spam because it's super relevant for you".

Gradberry is apologising on twitter now with the same bs:
[https://twitter.com/gradberry/with_replies](https://twitter.com/gradberry/with_replies)
("we sent one email since your profile matched out job requirements, sorry
about that!", "sorry man :( We did genuinely like your repo commits though.")

I hope this blows up in their faces. Spam is spam.

------
DanBC
Here's their YC page: [http://blog.ycombinator.com/gradberry-yc-w15-curates-
technic...](http://blog.ycombinator.com/gradberry-yc-w15-curates-technical-
talent)

The Techcrunch article: [http://techcrunch.com/2015/03/03/from-pakistan-to-y-
combinat...](http://techcrunch.com/2015/03/03/from-pakistan-to-y-combinator-
gradberry-vets-technical-talent/)

Post from one of th founders
[https://news.ycombinator.com/item?id=9143684](https://news.ycombinator.com/item?id=9143684)

------
jsmthrowaway
I can't even put myself in a place, mentally, where receiving this message
would make me want to do or feel something positive.

Who responds well to this? Seriously, who sees this and thinks, "sign me up?"
Am I just out of touch here?

~~~
troels
I wonder what a "super clean commit" looks like anyway?

~~~
westi
White space only changes? ;)

------
JoshTriplett
For the record, the original title before someone edited it was "Gradberry (YC
W15) Spamming GitHub Users"; the parenthetical was then edited out.

~~~
chrisdotcode
Was this prevented from hitting the front-page as well? It's top 5 in /ask,
but did the people responsible for the title edit disallow it from being on
the front-page such to prevent bad YC press?

If my theory is true, I will be extremely disappointed.

------
msoad
Hired is doing the same. I got almost 10 emails from Hired since they started
spamming me.

My approach is just deleting the emails. I have some powerful Gmail filters
that tag emails based on their content so every know and then I go to the tag
I created for those emails and quickly review all of them (mostly based on
title) and then delete all.

~~~
JoshTriplett
Is there anyone out there who actually chases down spam sources and actively
stops them at the source (via anti-spam laws, abuse@ addresses, ISP/datacenter
reporting, domain registrar reporting, working with ISPs about customers
running botnet nodes, fixing exploitable web forms, etc)? I would pay non-
trivial amounts of money per month to a company to which I could bounce spam
mails and receive satisfying notes later about spam providers they've zapped
out of existence.

------
krat0sprakhar
> If you are open to go where no coder where gone before, click here to
> engage.

Wow, that's a rather _interesting_ call to action.

------
kbar13
this is happening more and more often. Use a fake/anonymous email address for
GitHub:

[https://help.github.com/articles/keeping-your-email-
address-...](https://help.github.com/articles/keeping-your-email-address-
private/)

~~~
dchest
Don't worry, if they know your name and domain, they will try to figure out
your email address ;-)

[https://github.com/Gradberry/Email-
Permutator](https://github.com/Gradberry/Email-Permutator)

[http://gb-emailvalidator.azurewebsites.net/](http://gb-
emailvalidator.azurewebsites.net/)

~~~
chinathrow
These tools are tools for spammers. Sorry - but come on guys. Read up on the
laws!

~~~
ncza
Nono, they are leveraging the market opportunity to generate viral leads with
growth hacking.

~~~
chinathrow
Buy ads, call people and ask politely if you can send them more information.

But don't spam.

~~~
reinhardt
GP was being sarcastic

------
asadlionpk
I wonder what would have been the right way to acquire developers in this
case. What is more effective than being unethical and spamming people?

~~~
ArekDymalski
I have the same question. Without a doubt GitHub seems to be a perfect channel
for that. I'm wondering where is the spam border? Let's say I'll _manually_
choose 100 developers who seem to be a good fit for early adopters and
_manually_ mail them something like "Hi! I'm X from Y. Here at G we are doing
Z for developers like you. I'd appreciate your feedback"

I'm afraid that some of these people would still consider this spam, even if
the intentions are genuine.

~~~
shawabawa3
> I'm afraid that some of these people would still consider this spam

Because it is. It's unsolicited mass emailing

A _genuine_ email would be "Hi, this is X from Y, we met at Z and you told me
you were interested in A, I have a few startups doing work around A, B and C,
would you be interested?"

Or something like that

~~~
asadlionpk
Yes that would be a genuine email but wouldn't apply in this case. How can
Gradberry send genuine emails.

------
trumbitta2
Well, I for one didn't know anything about this Gradberry before reading this
on the front page.

Mission accomplished, I guess?

~~~
mryan
The adage "there's no such thing as bad publicity" is no longer true, if it
ever was.

Sure, I've now heard of Gradberry, but my association is "those spammers who
scraped GitHub for email addresses". Any email I get from them will be
immediately deleted.

------
thebiglebrewski
Do you guys know why this isn't on the front page or Hckrnews anymore?

[https://news.ycombinator.com/item?id=9337265](https://news.ycombinator.com/item?id=9337265)

------
aikah
That's growth hacking for you ! disgusting and way too frequent.

------
csense
Before authoring commits that I plan to send to Github, I run:

    
    
        git config user.email $github_username@users.noreply.github.com
    

Frankly I'm surprised spammers aren't a bigger problem on Github, given that
it's one of the few websites that makes it fairly easy to get a plaintext dump
of large numbers of email addresses.

------
joshfriend
I once got a spam message like this about a repository that i _starred_. I
made no commits, opened no issues, just starred!

------
mahouse
Uh, front page. Wave goodbye to the money.

------
Faither
Wow, that's a rather interesting call to action.

