Hacker News new | past | comments | ask | show | jobs | submit login
The Art of Finding Anyone’s Email Addresses (lifeaftercubes.com)
107 points by LifeAfterCubes on May 25, 2013 | hide | past | web | favorite | 26 comments



Alternatively, pick up the phone, call the company they work for, and ask for their email.

"Hi, I'm <x>, I'm trying to send an important email to <y> but it keeps bouncing. Can you confirm I've got their email address correct?"


This is a Hail Mary, but I've found some important email address by running a WHOIS on that person's known web properties. While he may have hidden his registration info for his personal site, he may have slipped up on his project sites


You can also use tools like DomainTools.com to look at historical registration data, their data may be private now but could have been exposed previously.


I've had great luck with this, actually. At the very least there's a chance you'll find some dummy address that forwards to a real address, and get a response that way.


I wanted to contact people from some companies but their email was not in their profiles, I found this script in github https://github.com/laramies/theHarvester which looks for emails given a domain.

Is super useful, even though It wouldn't give me the email I was looking for, it would show me the "structure" used for emails inside the company:

   first_name@domain.com
   first_name.last_name@domain.com
Based on that I would just guest the email of the person and it used to work perfectly.

This is perfect for doing customer development, also if you are doing cold reach outs remember to follow the CAN-SPAM act.


Is super useful, even though It wouldn't give me the email I was looking for, it would show me the "structure" used for emails inside the company:

Based on that I would just guest the email of the person and it used to work perfectly.

I've used this technique a bit, but a word of warning... it's definitely not always the case that all emails in a given firm match "the structure". Usually most of them do, but I have found more than one company with a mishmash of patterns for whatever reason.

Probably the most common thing I've noticed is that "important" people (CEO, etc.) may get a different email, and people with really long name (some Indian names fall into this a lot) may be truncated, or swapped out for just an initial.

Still, other than paying for addresses from Jigsaw or Hoovers, this seems to be about the best approach I've found so far.


Related question: is there a limit on email address length? Like a real fundamental limit, not arbitrary decisions Gmail or Yahoo folks might have come up with.


Header lines are limited to 998 characters (1000 - '\r\n'). Subtract 'To: ' (4 characters) and one practical maximum upper limit is 994 characters including domain.


well the minimum length is 3, and the maximum length is 254:

http://stackoverflow.com/questions/386294/what-is-the-maximu...


I don't know, but you might be able to parse the answer out of this:

http://www.faqs.org/rfcs/rfc2822.html


If I ever get into a situation where I can't figure out the address, I just pick one of my guesses and bcc all the rest.

Sure, they might think it's a little weird if they notice they're in the bcc field, but it sure is a lot easier than sending off a single email and spending the next few days wondering if it actually went through.


hmm. I thought the whole point of BCC was "blind carbon-copy". Meaning the person would be unaware as to who else was sent the email?


They would know they were in the BCC field if the "To" address was not their correct address.


The trick I've seen is to put your own email in the to field, and all destinations in the bcc


I hadn't heard of MailTester before; I have used the telnet/25 and RCPT TO: technique manually several times.


There is a catch-all address at my company that goes to our CEO. He forwards me headhunter emails all the time that are addressed to variations of my first and last name. :-/

I'm assuming they used similar tactics to try to find my address


> He forwards me headhunter emails all the time that are addressed to variations of my first and last name.

Sure he's not trying to tell you something? :-|


Apart from "the right thing", one might see this particular behaviour as "quite polite".

It is also better for the relationship. It signifies trust. And every time you hold something back (or lie) you risk damaging a relationship. In this instance, a recruiter might reach out to the employee some other way. The recruiter and employee would then figure out that the business owner may have withheld the mail, even though it was clearly addressed to the employee.


Yes. Do the right thing, you might get credit for it. Do the wrong thing, and sometime, sooner or later, it'll pop up and kick you in the arse.



To verify if you have guessed someone's correct gmail address you can always do this - http://mindprince.blogspot.com/2012/12/google-plus-profile-g... Works for all those who have upgraded to Google+.


Or, if you have a small budget, you can just use this: http://www.insideview.com/


Norman? This is Mr. Eddie Vedder, from Accounting. I just had a power surge here at home that wiped out a file I was working on.


My BLT drive just went AWOL!


Rapportive asks for single sign-on access to Gmail. Isn't that somehow risky?


Man, what a horrible design this site has.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: