Someone is scraping this project's email addresses. Give 'em hell.

Question

Someone is scraping this project's email addresses. Give 'em hell.

ccoenen opened this issue 6 years ago · 10 comments

I'm sure many of you have noticed, that you received a spam mail over the past few days. The sender claims to offer a backup solution. I think snooping email addresses off of github is a terrible way to make contact. In case you wonder how to react: their mass mail service has an abuse contact mail address.

Get in contact with them and complain about the sender. Not much, but better than nothing. Contact is: ~~abusecomplaints @ markmonitor . com (they are only indirectly responsible)~~ . They directed me to the actual mass mailer (Campaign Monitor), you can contact them with spam/abuse issues. Particularly Section 3 (Permission) and Section 4 (Approvals...) of their anti spam policy were violated. You can contact them at domainadmin (at) campaignmonitor (dot) com.

Answer 1 · 2017-12-22T09:51:22.000Z

Hi @ccoenen,

I've seen the email, yes. Very sorry about that. That's not what anyone signed up for when starring this repo.

Dumper.io should not have sent out this unsolicited email. I've reported the owner of the project for abuse to GitHub for scraping the email addresses of the repository's stargazers and will report the email as spam as well. I suggest you and everyone else who didn't appreciate the email does the same.

I understand the Backup project is not currently actively being developed on, but that's not a good reason for people to start sending out emails to its users to sell their own product. Not even if it was an open-source alternative it would have appreciated it, but to sell a product, really? Don't think I'll even consider using it now.

Answer 2 · 2017-12-22T11:26:13.000Z

FWIW, I contacted GitHub about this yesterday as well.

Answer 3 · 2017-12-22T11:57:49.000Z

@stuartellis thanks for picking this up quicker than me :)

Answer 4 · 2017-12-22T11:59:01.000Z

@tombruijn Removed, it was humor at best. But this person does need to be routed through the abuse chain. If I can help (ethically) please let me know.

Answer 5 · 2017-12-22T12:14:48.000Z

@nynhex Thanks. I was willing to keep the comment up for transparency's sake though. Please also refrain from deleting my comments.

Agreed he needs to be routed through the appropriate channels. So please do that rather than anything else you may have considered. (Understand humor isn't carried very well over plain text, unfortunately.)

Please send a message to the email mentioned by this issue author and send a abuse report to GitHub through the contact form https://github.com/contact/report-abuse.

If I read his email correctly he sent it out to 4300+ users based on the amount of stars this repo has (as of writing). Many of which have starred this repo years ago and have probably forgotten about it. So, to sent them an email selling a product may also affect us negatively. Especially since he mentions a problem he's apparently experienced with it? Never seen a bug report about it though.

Please note that I've refrained from mentioning the author's GitHub profile as I don't want to direct any unpleasant messages towards him. I hope everyone can do the same.

Answer 6 · 2017-12-22T12:17:21.000Z

@tombruijn 10-4, and received. I'll be sure to submit an abuse report now. Thanks for bringing this to our attention.

Answer 7 · 2017-12-22T12:21:52.000Z

Just received an update from GitHub about my abuse report when I pressed submit on my previous comment. I really like to keep the activity on this issue to a minimum, just to give updates on this.

Firstly, they advise anyone who really doesn't want to be contacted to set their email address to private, docs here: https://help.github.com/articles/keeping-your-email-address-private

Understandable of course, but I have my email address public, so that people can contact me when they have a problem or want to talk to me about something else. I've received a couple messages from people who didn't want to use this issue tracker, for example. The downside is that people see this as an invitation to send recruitment messages or try to sell me stuff.

Lastly, they say they're going to reach out to the user to "let them know that this type of activity is not allowed." So I hope our problem with his message reaches the email's author.

Answer 8 · 2017-12-23T12:30:07.000Z

I just corrected the abuse email address in the first post, markmonitor got back to me with the abuse contact info for campaignmonitor - the service being used. Here's their

anti spam policy, especially Section 3 (Permission) and Section 4 (Approvals...) were violated.
contact address: domainadmin (at) campaignmonitor (dot) com.

Answer 9 · 2017-12-23T16:06:20.000Z

They are quick with responses :-D

[...]
I have investigated and have since closed the offending customer's account, and so you will not be contacted by [redacted] via our platform going forward.

Answer 10 · 2019-12-09T23:44:33.000Z

This looks like a solved problem to me :) Closing then.