Comment by david_allison

3 days ago

> when we catch the accounts doing this we can (and do) take action against those accounts including banning the accounts.

This isn't my experience. I requested that you looked into a spammer in July 2025, you ignored my reply and the account is still active.

----

Thank you so much for the report. We're sorry to hear you're receiving unwanted emails, but it's always a possibility when your public contact information is listed on the web. You can keep your email address private if you wish by following the steps here:

Setting your commit email address

We do expect our users to comply with our Terms of Service, which prohibits transmitting using information from the GitHub (whether scraped, collected through our API, or obtained otherwise) for spamming purposes. I'm happy to look into it further to see if we can contact the reported user and let them know that this type of activity is not allowed.

Please let us know if you have any other questions or concerns.

----

My reply which was ignored:

----

I understand it will happen from time to time. I'd rather be contactable (I've received legitimate emails today because my email is on my profile).

Please take further action. My email is public with the expectation that the ToS will be enforced. If GitHub isn't discouraging spammers then it makes it much harder to justify being contactable.

All the best, David

7 comments

david_allison

Reply
gettingoverit  3 days ago

I reported spammers ~5 times to GH, and every time the account went down in a couple of hours. Obviously mileage may vary, but I don't want the whole HN to think this process is completely broken.

Please keep reporting spammers, usually it works.

  • david_allison  3 days ago

    To confirm: is this email spammers, or spam on GitHub?

    I've had decent success with on-GitHub action (I'd wager ~80% action taken), but the effort to report email spammers doesn't seem worthwhile.

tom_m  3 days ago

It's impossible for them to stop if you list your email on there. They could make it harder of course. But if you put your email out there for a human to find, then a script or bot or also find it.

And yes of course they can also stop a specific spammer. But that spammer may pick up another account and email.

  • angoragoats  3 days ago

    The grandparent post wasn't asking for them to do the impossible and stop all spamming, only to take action against the particular user that spammed them.

Aachen  2 days ago

>> it's always a possibility when your public contact information is listed on the web

Sounds correct to me

> Please take further action. My email is public with the expectation that the ToS will be enforced.

What magic wand are you expecting they wave that distinguishes people who need your email address for legitimate from those who need it for illicit purposes? Why wouldn't we apply the same to the entire population and lock up criminals before they've committed crimes?

What you're asking is entirely impossible short of mandatory mind reading

  • david_allison  2 days ago

    I provided a spam email chain from a user with a linked GitHub profile, stating that they obtained my email from my GitHub profile.

    GP [martinwoodward] states:

    > This type of behaviour is explicitly against the GitHub terms of service, when we catch the accounts doing this we can (and do) take action against those accounts including banning the accounts.

    But action was not taken, there was no reply to my email to GitHub support.

Rapzid  2 days ago

Yeah they likely rarely if ever "look into" it and certainly nobody has ever needed a lawyer over this.

As recently as a year or so ago, at least, you could list repo stargazers through their graphQL API and get a TON of email off that depending on the user settings.