Hacker News new | past | comments | ask | show | jobs | submit login
How I Automated “Finding Almost Anyone’s Email Address” (nathanleclaire.com)
252 points by zenlikethat on Nov 24, 2013 | hide | past | web | favorite | 37 comments

I feel conflicted.

On the one hand, it's a cool hack.

On the other hand, once someone starts abusing (and teaching others how to abuse) a system. The people in charge of the system have to take steps to protect the system (usually by limiting people's ability to use it). The net result is that we risk losing an extremely valuable discovery/communication tool.

On the gripping hand, life is all about accepting and adapting to change. We should accept that the tools available today might not be available tomorrow.

So I remain conflicted. Doing these sorts of searches by hand might result in a make-or-break connection for your business. Imho, by automating the technique we cross the line from using the tool to abusing the tool. And tools tend to break if you abuse them enough.

But, it's a cool hack.

This is just as much of a "cool hack" as the latest trend i've been experiencing. Sales droids have been emailing my personal email address to try and sell and pitch me. As a result of the latest and most persistent one, I'm pushing to open source our internal alternative for that product.

Most of the top execs at my company (fortune 500) have internal only email addresses now, because of crap like this.

Whenever you leave a window open for hack, there's potential for abuse. I don't see the conflict here. There are those who would use it for fun & then there are those who would love to ruin it for everyone. From a privacy point of view, I don't think it should be considered an "extremely valuable discovery/communication tool".

It's a tight line. As someone in Sales, it is helpful to know people's email. But sending spam just creates more powerful spam blocking email systems, which ultimately screen out real email too.

The hack is cool. Public directories of everyone's email address (which is the logical extension) - maybe not as cool.

You should never share your simple yet effective hacks

"Never show anyone. They'll beg you and they'll flatter you for the secret, but as soon as you give it up... you'll be nothing to them..." Quote from the prestige about magic.

Agree - I consider myself a social hacker... and I'm constantly tempted to show off my methods... but I try not to. A trick is more impressive if someone doesn't know they are being tricked.

And if everyone does it... it looses its magic.

Something I noticed: the terminal background that is being used in the gif at the top of this page is this one, titled "PC Gaming Master Race."[0]

The origins of the picture/painting comes from the long-standing meme that PC gaming is superior to all other forms of gaming, thus PC gamers are the "master race" of all gamers.

The photo depicts Gabe Newell (founder of Valve Software, a longstanding PC-game oriented studio) and imposing humans representing "PC gamers" standing atop a glowing city composed of PC gaming rigs. These "PC gamers", led by Gabe Newell, look down on the "unwashed masses" of all the console gamers as the console gamers rush to the edges of the city, trying to enter. Gabe Newell is extending a glowing hand as the console gamers reach out to join the "PC Gaming Master Race."

... Why did I just explain all this? ...

[0] - http://i3.minus.com/i5uZimbT3zJ1t.jpg

Image is nearly 9MB and 6,000 pixels wide. Its also exactly what you would expect.

His name is Gabe Newell (not Newel)

Whoops, sorry about that. Fixed now.

What does this have to do with anything?

I've said it before in response to these sorts of articles, and I'll say it again: if these people wanted random people "cold emailing" (what a weasel term for spamming), they'd have put their email address in a more accessible place.

Sure, you always hear the stories of "how I got X interviews by randomly emailing people", and you can argue it shows technical aptitude, but that doesn't make it any less scummy, and it completely ignores the dozens (hundreds?) of people you are now blacklisted by for doing such an asinine thing.

I tip my hat to the OP of this article for not posting source code (although if he did, would that accelerate the response to make these sorts of attacks infeasible?) and for not abusing it (at least by his standards).

I don't think cold emailing should be considered spam. For me spam has to be

a) random: send a commercial email to any address we can find, doesn't matter who's is it.

b) massive: if you just send 10-20 emails I wouldn't qualify that as spam.

For example: If I have a product whose customers are startups (they are likely to improve their lives/business by using my tool), why wouldn't they want me to figure out their email (using a method like this) and email them about it directly? They might not be interested, in which case they can delete it, but it's not like you're sending them generic viagra or enlarge your penis spam.

Spam is in the eye of the beholder. When my wife goes through our (physical) mail, she complains about how 90% of it is "junk," but her eyes light up at the 20% off coupon from Bed, Bath, & Beyond addressed to "Current Resident."

If your message is relevant and valuable, the receiver doesn't see it as spam, regardless of whether they've heard of you.

I actually wrote a post a while back doing this exact thing: http://jordan-wright.github.io/blog/2013/10/14/automated-soc...

You can find the full script automating the Rapportive API here: https://github.com/jordan-wright/rapportive

I'm the author (Rob) of the original post that detailed the hack. A bunch of people have shared their updates with me, this is probably the most thorough yet.

As I said when I first published the idea: please use it - and encourage others to use it - sensibly. I've not seen anyone abusing it so far.

I've also found that when you 'discover' an email this way, you can typically Google it and find that it was already posted online somewhere.

All in all, I'm glad people are innovating/iterating in this way. The people worried about 'spam' are really worrying about human nature, not technology.

When Florida got area code 321, Robert Osband managed to use a similar technique to get +1 321 LIFT-OFF.


The HTML on that site is broken, and breaks the story.

Note, that Rapportive does rate limit their service: http://www.quora.com/Rapportive/Does-Rapportive-Rate-Limit

So, while this does work, you might run into limits depending on your usage.

Interestingly, my company (SalesLoft) does the same thing, but against actual mail servers. While SMTP is a seemingly simple protocol, the actual implementation of it can vary greatly and wrangling it is quite a challenge. But if you can take it on, it works about 60% of the time to get you a working email address.

I think this will result in very poor conversions.

Getting someone's permission to email you will result in greater success. Find their Twitter profile or Google+ account, then send them a msg asking if you can email them about something. The ones that will reply are the ones that will be interested and read your email anyway.

thank you - yes.

I built something similar awhile back with FlipTop's API back when they had a free version. It took all of 20 minutes for them to shut off API access.

If you're going to wardial for email addresses, you could also just simply try emailing all of the generated addresses.

If, like me, you have multiple permutations of your email that actually work you're going to annoy the recipient quite a bit by emailing them multiple times using that technique. If this is someone you wish to impress then I'd advise against this approach.

Do it from an email address created specifically for that purpose?

My method: grep the Adobe password leak file for "@company.com".

but which root@nsa.gov do I email!?

This doesn't actually find almost anyone's email address, by the way.

A quick search through my employer's database finds five Mark Smiths. None of them appear to have their social networking profiles linked. Knowing the <firstname, lastname, company> tuple does not uniquely identify any particular Mr. Smith, and rapportive gives no clues.

This is especially true for gmail. I have three gmail addresses, and none of them can be guessed by combining my names in creative ways (not because I'm paranoid, but because I have never used gmail as my primary address, so I signed up late enough that nathanb@gmail, et al, were long gone). You will find many people with my exact <firstname, lastname> combination (I even know one personally, so <firstname, lastname, city> is equally ambiguous).

While this is an interesting approach (and is probably useful for finding the email addresses of execs, tech leaders, and people with creative names), it falls far short of the promised "finding almost anyone's email address".

I've done similar, but without any need for Raportive (though I guess my method would have a higher error rate and not work for MEGA corps).

You want to get Bob Smith's email at example.com, but you don't know it? Simply find as many @example.com addresses as you can find then use name dictionaries to guess the address format.

For example, if you find njones@example.com, pjohnson@example.com, ffitzgerald@example.com and jane.doe@example.com we can quicky deduce that example.com uses <firstinitial><surname> as their email template. The Jane Doe address doesn't fit with every other address we found so we can ignore it.

Now send an email to bsmith@example.com and you're most likely talking to Bob Smith.

From our experience, we needed to quickly find email adresses of people in a company, with an accurate return value, so we built Norbert : http://www.voilanorbert.com

It's in it's early stage (if you go after 5 tries, you will be requested to pay via Paypal to enable unlimited access : it doesn't work so far).

We don't plan to gain a lot of money on it, the limit is more to restrict user about abusing it.

For information about how it works, it simply connect to the mail server, simulating a email to be sent, and testing if the server answer with a "Email not found" or "Ok". Depending on the answer, we know if this email exists or not.

Simple hack yet very nicely structured content.

However, these kind of cold-marketing techniques will remain bubble. Personally I think we should practice white-hat techniques, it pays well in long term.

This will stop working after a few days...

full-disclosure not mentioned in blog @ http://jordan-wright.github.io/blog/2013/10/14/automated-soc...


Why not just do searches for the person's name, and @company.com ?

That won't work for Gmail, but the XKCD explains where this Automation breaks down.

Finding other peoples email addresses is all good fun, but I had no idea the chrome developer tools had a "Copy as cURL" feature! I will be using this all the time now, thank you.

we've actually been using this hack for months and i'm sure there's a group of people who also have, who don't write about it. :/

Just one reason we are seeing the death of email and rise of social networking.

I agree, we really need a better alternative to the email.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact