On the one hand, it's a cool hack.
On the other hand, once someone starts abusing (and teaching others how to abuse) a system. The people in charge of the system have to take steps to protect the system (usually by limiting people's ability to use it). The net result is that we risk losing an extremely valuable discovery/communication tool.
On the gripping hand, life is all about accepting and adapting to change. We should accept that the tools available today might not be available tomorrow.
So I remain conflicted. Doing these sorts of searches by hand might result in a make-or-break connection for your business. Imho, by automating the technique we cross the line from using the tool to abusing the tool. And tools tend to break if you abuse them enough.
But, it's a cool hack.
Most of the top execs at my company (fortune 500) have internal only email addresses now, because of crap like this.
The hack is cool. Public directories of everyone's email address (which is the logical extension) - maybe not as cool.
Agree - I consider myself a social hacker... and I'm constantly tempted to show off my methods... but I try not to. A trick is more impressive if someone doesn't know they are being tricked.
And if everyone does it... it looses its magic.
The origins of the picture/painting comes from the long-standing meme that PC gaming is superior to all other forms of gaming, thus PC gamers are the "master race" of all gamers.
The photo depicts Gabe Newell (founder of Valve Software, a longstanding PC-game oriented studio) and imposing humans representing "PC gamers" standing atop a glowing city composed of PC gaming rigs. These "PC gamers", led by Gabe Newell, look down on the "unwashed masses" of all the console gamers as the console gamers rush to the edges of the city, trying to enter. Gabe Newell is extending a glowing hand as the console gamers reach out to join the "PC Gaming Master Race."
... Why did I just explain all this? ...
 - http://i3.minus.com/i5uZimbT3zJ1t.jpg
Sure, you always hear the stories of "how I got X interviews by randomly emailing people", and you can argue it shows technical aptitude, but that doesn't make it any less scummy, and it completely ignores the dozens (hundreds?) of people you are now blacklisted by for doing such an asinine thing.
I tip my hat to the OP of this article for not posting source code (although if he did, would that accelerate the response to make these sorts of attacks infeasible?) and for not abusing it (at least by his standards).
a) random: send a commercial email to any address we can find, doesn't matter who's is it.
b) massive: if you just send 10-20 emails I wouldn't qualify that as spam.
For example: If I have a product whose customers are startups (they are likely to improve their lives/business by using my tool), why wouldn't they want me to figure out their email (using a method like this) and email them about it directly? They might not be interested, in which case they can delete it, but it's not like you're sending them generic viagra or enlarge your penis spam.
If your message is relevant and valuable, the receiver doesn't see it as spam, regardless of whether they've heard of you.
You can find the full script automating the Rapportive API here: https://github.com/jordan-wright/rapportive
As I said when I first published the idea: please use it - and encourage others to use it - sensibly. I've not seen anyone abusing it so far.
I've also found that when you 'discover' an email this way, you can typically Google it and find that it was already posted online somewhere.
All in all, I'm glad people are innovating/iterating in this way. The people worried about 'spam' are really worrying about human nature, not technology.
So, while this does work, you might run into limits depending on your usage.
Interestingly, my company (SalesLoft) does the same thing, but against actual mail servers. While SMTP is a seemingly simple protocol, the actual implementation of it can vary greatly and wrangling it is quite a challenge. But if you can take it on, it works about 60% of the time to get you a working email address.
Getting someone's permission to email you will result in greater success. Find their Twitter profile or Google+ account, then send them a msg asking if you can email them about something. The ones that will reply are the ones that will be interested and read your email anyway.
If you're going to wardial for email addresses, you could also just simply try emailing all of the generated addresses.
A quick search through my employer's database finds five Mark Smiths. None of them appear to have their social networking profiles linked. Knowing the <firstname, lastname, company> tuple does not uniquely identify any particular Mr. Smith, and rapportive gives no clues.
This is especially true for gmail. I have three gmail addresses, and none of them can be guessed by combining my names in creative ways (not because I'm paranoid, but because I have never used gmail as my primary address, so I signed up late enough that nathanb@gmail, et al, were long gone). You will find many people with my exact <firstname, lastname> combination (I even know one personally, so <firstname, lastname, city> is equally ambiguous).
While this is an interesting approach (and is probably useful for finding the
email addresses of execs, tech leaders, and people with creative names), it falls far short of the promised "finding almost anyone's email address".
You want to get Bob Smith's email at example.com, but you don't know it? Simply find as many @example.com addresses as you can find then use name dictionaries to guess the address format.
For example, if you find email@example.com, firstname.lastname@example.org, email@example.com and firstname.lastname@example.org we can quicky deduce that example.com uses <firstinitial><surname> as their email template. The Jane Doe address doesn't fit with every other address we found so we can ignore it.
Now send an email to email@example.com and you're most likely talking to Bob Smith.
It's in it's early stage (if you go after 5 tries, you will be requested to pay via Paypal to enable unlimited access : it doesn't work so far).
We don't plan to gain a lot of money on it, the limit is more to restrict user about abusing it.
For information about how it works, it simply connect to the mail server, simulating a email to be sent, and testing if the server answer with a "Email not found" or "Ok". Depending on the answer, we know if this email exists or not.
However, these kind of cold-marketing techniques will remain bubble. Personally I think we should practice white-hat techniques, it pays well in long term.
Why not just do searches for the person's name, and @company.com ?
That won't work for Gmail, but the XKCD explains where this Automation breaks down.