I’ve made over five reports for this exact spam scenario, and never once have y’all acted on them. I have a hard time believing you ban spam accounts that clearly violate your ToS.
I'm confused. How do you know what account scraped your email address from GitHub in order to send you an email?
Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.
Half the time they literally say it in the email. I just looked in my spam folder and just a few hours ago got an email titled "Your profile: Github", that started with:
> I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out.
>
> Profile: https://github.com/tedivm

That they use some of their trillion-dollar market share to solve it. Why are you acting like this is a hard problem? It's not. They're just too cheap and greedy to do anything about it.
Even if they were valued around $100 million they would still have more than enough resources to solve this problem. Stop excusing companies that hate hiring people and are so greedy they would rather punt this problem to the commons, fucking over an entire community that literally enabled them to exist.
Come on here, even Meta hires people in Kenya to look at CP and snuff films to label this stuff. Meta! They literally profited off of a genocide and they still know how to do this.
One would expect people on Hacker News to know that a single business division doesn't have direct access to the funds of other business divisions of the same corporation.
How did you connect joe@legitbusiness.com, where spam usually originates from for me (hacked email accounts), to a specific GitHub user account that was used to scrape the data, which Microsoft can choose to ban? And that's assuming they believe you're being truthful and not simply angry with the user whom you're reporting.
As others have noted, the emails frequently include the sender's actual GitHub username or organization in the body or signature.
Attribution isn't speculative. The DKIM/SPF headers show the messages are authenticated and sent through the company's own mail servers, signed by their domain. These are not spoofed "joe@legitbusiness.com" messages. I include the original headers in every abuse report.
In several cases I've engaged directly. One founder replied to my "stop spamming" email and later sent me a LinkedIn request. When the name in the signature, the GitHub profile, the authenticated sending domain, and the LinkedIn account all align, the hacked-account explanation no longer fits the facts.
I even wrote about a specific example of a YC company spamming me from my GitHub email at https://benword.com/dont-tolerate-unsolicited-spam
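
Added example, not part of the thread or written by any commenter: one way to check the header evidence described above, by confirming that a message passed SPF or DKIM for a domain aligned with its From address. The sample message, every domain in it, and the names `check_attribution`, `org_domain` and `trusted_authserv` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
Authentication-Results: forged.invalid; dkim=pass header.d=bank.example
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce.mail.startup.example;
 dkim=pass header.d=startup.example header.s=s1
From: Founder <founder@startup.example>
Subject: Your profile: Github

I came across your profile on GitHub.
"""

def org_domain(domain):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def check_attribution(raw, trusted_authserv):
    """Return which authenticated domains align with the From domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = {"from_domain": from_dom, "spf": None, "dkim": None}
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then split off the authserv-id before the first ';'.
        authserv, _, rest = " ".join(header.split()).partition(";")
        # Only trust results stamped by our own receiving server; a sender
        # can prepend any Authentication-Results header it likes.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not m:
                continue
            prop = re.search(
                r"(?:smtp\.mailfrom|header\.d)=(?:[^\s@]*@)?([\w.-]+)", clause)
            dom = prop.group(1).lower() if prop else ""
            aligned = bool(dom) and org_domain(dom) == org_domain(from_dom)
            if m.group(2) == "pass" and aligned:
                found[m.group(1)] = dom
    # Attributable when at least one mechanism passed for an aligned domain.
    found["attributable"] = bool(found["spf"] or found["dkim"])
    return found
```

The parser ignores parenthesised comments and version tokens that real `Authentication-Results` headers may carry, so treat it as a starting point for triaging headers before attaching them to an abuse report.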