Comment by retlehs
3 days ago
I’ve made over five reports for this exact spam scenario, and never once have y’all acted on them. I have a hard time believing you ban spam accounts that clearly violate your ToS.
I even wrote about a specific example of a YC company spamming me from my GitHub email at https://benword.com/dont-tolerate-unsolicited-spam
How did you connect joe@legitbusiness.com, where spam usually originates from for me (hacked email accounts), to a specific github user account that was used to scrape the data, which microsoft can choose to ban? And that's assuming they believe you're being truthful and not simply angry with the user whom you're reporting
As others have noted, the emails frequently include the sender's actual GitHub username or organization in the body or signature.
Attribution isn't speculative. The DKIM/SPF headers show the messages are authenticated and sent through the company's own mail servers, signed by their domain. These are not spoofed "joe@legitbusiness.com" messages. I include the original headers in every abuse report.
In several cases I've engaged directly. One founder replied to my "stop spamming" email and later sent me a LinkedIn request. When the name in the signature, the GitHub profile, the authenticated sending domain, and the LinkedIn account all align, the hacked-account explanation no longer fits the facts.
How would you know whether the account that did the scraping was banned?
By visiting the account and noticing that it still has activity long after the report.
I'm confused. How do you know what account scraped your email address from github in order to send you an email?
Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.
4 replies →
How do you propose GH take action without risking taking down legitimate projects due to brigades of false reports?
11 replies →