Don't Crawl GitHub To Spam

Sometimes, time is just better spent elsewhere.

Quite a while ago, I changed my name on GitHub to 'Michael (a.k.a. Resynth)'. This was, ultimately, a joke to confuse people.

After receiving two items of spam, I don't plan to change it back.

On Thursday, 17th of September, I received an email from a company named Universal API Gateway. According to my email client, someone named Saaras sent it.

Coincidentally, the email contains the name I had set on GitHub: 'Michael (a.k.a. Resynth)'.

This was spam, and I knew it.

I've opened a report with the ICO, using their facility to report spam emails. If you're ever faced with unsolicited advertisements, I strongly suggest you do the same, but instead with the spam authority in your area. I couldn't find a list of them; go and do some research!

Unsolicited spam is also a violation of the GDPR. If you're a citizen of the UK, and wish to reply to spam (using a disposable email!), then you should probably learn about how it's affected by the GDPR.

The emails include an unsubscribe button, which carries a hint of irony. How can I unsubscribe from something I never subscribed to?

Am I now expected to reveal my IP address to these spammers, too?

It's also a well-known fact that the unsubscribe buttons on spam emails are a sting operation. They reveal quite a substantial amount of information about you, such as:

  • Your IP address
  • You use the email account
  • Your web browser information

There's probably more data points, but it's 3AM. Never reply or "unsubscribe" from spam, it's a trick.

One more thing: please name and shame spammers publicly. It's one thing to delete spam, but it's another to raise bad publicity for cutthroat, capitalistic businesses.

I'm going to be publishing the details of any further spam on my website, although I have yet to find a solid location for them. You'd be surprised by how much spam I get.

Another thing: never post email accounts directly on any website, without obfuscation. For example, be sure to use 'email at server dot com'.

Be sure not to include your emails in a "mailto:" link, either, unless you have an email relay service set up that can be easily thrown away.

Some websites also use images to display email addresses as an added layer of protection, but this may pose problems for accessibility.

If you're using Cloudflare, you may like to know that you can enable a function to obfuscate email addresses. That'll be the subject of my next blog posting...

Whatever you do, keep a watchful eye out for spam.

Remember, it's your email account, not theirs.