I recently noticed that an YC company (Run ANywhere, W26) sent me the following email:
From: Aditya <aditya@buildrunanywhere.org>
Subject: Mikołaj, think you'd like this
[snip]
Hi Mikołaj,
I found your GitHub and thought you might like what we're building.
[snip]
I have also received a deluge of similar emails from another AI company, Voice.AI (doesn't seem to be YC affiliated). These emails indicate that those companies scrape people's Github activity, and if they notice users contributing to repos in their field of business, send marketing emails to those users without receiving their consent. My guess is that they use commit metadata for this purpose. This includes recipients under the GDPR (AKA me).
I've sent complaints to both organizations, no response so far.
I have just contacted both Github and YC Ethics on this issue, I'll update here if I get a response.
The fundamental nature of Git makes this pretty easy for folks to scrape data from open source repositories. It's against our terms of service and those folks might want to talk with some lawyers about doing it - but as every Git commit contains your name and email address in the commit data it's not technically difficult even if it is unethical.
From the early days we've added features to help users anonymise their email addresses for commits posted to GitHub. Basically, you configure your local Git client to use your 'no-reply' email address in commits and that still links back to your GitHub account when you push: https://docs.github.com/en/account-and-profile/reference/ema...
I think that's still probably the best route. We want to keep open source data as open as possible, so I don't think locking down API's etc is the right route. We do throttle API requests and scraping traffic, but then again there have been plenty of posts here over the years from people annoyed at hitting those limits so it's definitely a balancing act. Love to know what folks here think though.
This isn't my experience. I requested that you looked into a spammer in July 2025, you ignored my reply and the account is still active.
----
Thank you so much for the report. We're sorry to hear you're receiving unwanted emails, but it's always a possibility when your public contact information is listed on the web. You can keep your email address private if you wish by following the steps here:
Setting your commit email address
We do expect our users to comply with our Terms of Service, which prohibits transmitting using information from the GitHub (whether scraped, collected through our API, or obtained otherwise) for spamming purposes. I'm happy to look into it further to see if we can contact the reported user and let them know that this type of activity is not allowed.
Please let us know if you have any other questions or concerns.
----
My reply which was ignored:
----
I understand it will happen from time to time. I'd rather be contactable (I've received legitimate emails today because my email is on my profile).
Please take further action. My email is public with the expectation that the ToS will be enforced. If GitHub isn't discouraging spammers then it makes it much harder to justify being contactable.
All the best, David
As recently as a year or so ago, at least, you could list repo stargazers through their graphQL API and get a TON of email off that depending on the user settings.
Please keep reporting spammers, usually it works.
I've had decent success with on-GitHub action (I'd wager ~80% action taken), but the effort to report email spammers doesn't seem worthwhile.
And yes of course they can also stop a specific spammer. But that spammer may pick up another account and email.
I even wrote about a specific example of a YC company spamming me from my GitHub email at https://benword.com/dont-tolerate-unsolicited-spam
Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.
> I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out. > > Profile: https://github.com/tedivm
They aren't doing anything to hide it.
They could have git cloned your repo, used or otherwise analyzed your code which follows TOS then used the local git repo to pull your email address.
How is GitHub responsible here?
> we can (and do) take action against those accounts including banning the accounts
It's one thing to offer anonymous e-mail addresses, but it's also awesome that GitHub can help prevent mistakes that would otherwise leak a user's e-mail address. I am not sure how many people try to be privacy conscious on GitHub, but I assume most users don't, so it's nice seeing this little feature exist.
And not all devs want or need anonymity on github.
In general just because information is publicly accessible in some form doesn't make it okay or legal to abuse it (accessible doesn't mean any form of usage rights are transferred to you weather it's in context of GDPR or in context of copy right).
How do I report that person, though? Your support page about reporting abuse assumes I know the person's Github account: https://docs.github.com/en/communities/maintaining-your-safe...
I think it's pretty clear you need to use an anonymization scheme in the way commits are handled so that it links back to your github account and the email addresses are kept private.
Privacy centric companies like Apple do this for users offering hashed emails, on a per login basis.
I'm sure this would not work in a world of scraping, but having that kind of ability to figure out bad actors would be nice. You could require authenticated users for certain kinds of requests, and block user information from non-authenticated requests.
[0] https://docs.github.com/en/account-and-profile/reference/ema...
* This is an optional feature via git config, with a further GitHub setting to reject commits pushed using your personal email address.
* If the GitHub setting is disabled, some GitHub-generated commits/fixups use your personal email (e.g. squash merge in the GitHub UI).
* I use my personal email in file-level copyright headers, even if the commits use the GitHub noreply email.
* I have my personal email on my GitHub profile, visible to logged in users.
Tonho<tonho@tonho.wtf>
Hey, I found your GitHub profile and thought you might find this useful.
I've been building Omniget, a desktop downloader that works with YouTube, Telegram, Udemy, Hotmart and 1000+ other sites. It's open source and built with Rust and Tauri.
The part I'm most proud of: you don't even need to open the app. Just press a hotkey and it grabs whatever video you're watching.
I've been working on this for a while now, even got an artist to design a mascot. I'm shaping the app based on feedback from people who actually use it, so if you have any thoughts I'd love to hear them.
Here's the repo: https://github.com/tonhowtf/omniget
Thanks for your time!
Tonho
I did a quick scan of the ToS and all I could find was D8 that states that autmated access (scraping) used for "AI" applies a reciprocal license that prevents the scraper from restricting GitHub's access to the data (the whole model? the weights?) resulting from the scraping.
This makes it sound like any model trained on GitHhub content cannot be commercialized, because charging for access to the output would be a "technical or other limit"... So you're obviously not really enforcing this, otherwise MS would be suing every big commercial model out there!
If someone wants to message someone, it goes through github notifications or github emails them
Also banning an account doesnt seem like a heavy punishment, given they can simply move to gitlab, bitbucket etc
To his point, you can set that to the no-reply email address GitHub gives you if you don't want mail but do want the commit to be linked to your GitHub account.
[0]: https://git-scm.com/docs/git-commit#_commit_information
You can mask your email address in git commits but a lot of open source projects won't accept that. And some pseudo-open-source ones insist on sending you an email to authenticate before they'll give you access to the GitHub repo (looking at you Unreal Engine!)
So, no, I don't think they could simply "not show the email address".
[1] In practice, it's a bit more complicated. Merkle trees are involved, so it's hashes of hashes of hashes instead of hashing a multi-gigabyte blob on each commit, but that's a performance optimization that doesn't affect semantics much.
There's never been an obligation to use a real email address for git
"What you are doing is against Github's TOS"
Usually starts with contacting them over email reminding them of the terms of service and warning them to stop. Then their account might get deactivated and they need to write and promise to not be naughty again. If they ignore that then the account gets removed.
There are a bunch of automated checks that are running all the time as well and will take automated action that then gets later reviewed by humans. At lot of times the process is fast-tracked.
The off-platform 'let's scrape a bunch of data and then spam nice people' is the hardest to police. Linking those mails to an offending GitHub account is hard and very manual, also anyone can send emails saying they are someone they are not and because of that anyone can deny they sent the mail and they'll usually blame a rogue agency they where working with etc.
I probably shouldn't say it, but the public shame that comes from being mentioned on social, in hacker news etc. That stops people who want to be treated as legitimate from doing that sort of thing and helps educate the wider community around what is and isn't acceptable behaviour - that is why it's good to see this thread and see the issue getting attention.
Having said that, there are big corps who have been known to use the CFAA as a way to coerce the long arm of the law upon teenagers and geeks hacking away - not always a great thing either IMO.
This would be a gross miscarriage of justice and bringing successful action under this theory would do widespread harm by expanding the definition of the CFAA.
Just because a company can take some nuclear action, doesn't mean they should.
kettle, pot, black?
I received the following offical spam last week from GitHub:
> Build AI agents with the new GitHub Copilot SDK
despite never granting consent for marketing material
(and yes, there's a GDPR complaint now working its way through the national regulator)
I will pay more for GitHub if you go hard on these mfs.
Mind fixing lucidrains account? Something happened without notice or recourse. He's one of, if not the most well known open source AI researchers on the planet, with implementations and explanations of papers and ideas that are wonderful. If you could bring some sanity to that situation and take it out of whatever kafkaesque account purgatory it fell into, you'd be doing the work of angels.
Thanks!
but areas i am familiar with can consider a negative reference to be defamation, thus anyone providing a negative reference should only do so if they are able to defend it (i.e. prove their statement is substantially true, or prove that the statement was honestly believed to be true and published with no malice or reckless disregard).
seems risky, at least, to build a whole business around negative references that could potentially cross the line into defamation. but that type of thinking is probably why i am not rich.
A blacklist seems dubious. I’d advise the founders to get counsel on their obligations under the FCRA, which they may be construed to be regulated by.
That said, I believe "Bad News" is an AI hallucination. The most similar company I can find historical news is "Peeple"[0], which was not funded by YC. YCombinator's only known association with a blacklist that I can find was a blacklist of VC's that were accused of harassing female founders[1].
0: https://archive.is/r9UQo
1: https://archive.is/17Ans
yes, but i am not sure why this matters here. i am not aware of negative references, in general, being illegal under any of those definitions of illegal.
no one would say regular speech is illegal just because it can be subject to a defamation lawsuit. same logic.
but i agree, if it is a real business, it seems exceptionally risky.
It's more than just "subject to a defamation lawsuit" (including class action lawsuits). Although for me, even if it were "just that", I'd still call it "potentially illegal". Rather, they'd potentially face FTC penalties and CFPB enforcement actions under 15 U.S.C. section 1681d(a), (b).
This law would likely classify such a company as falling under laws pertaining to "investigative consumer reports" under FCRA. This is any report on someone's "character, general reputation, personal characteristics, and mode of living" used for the purposes of employment, loans, housing, etc.
> A consumer reporting agency shall not prepare or furnish an investigative consumer report on a consumer that contains information that is adverse to the interest of the consumer and that is obtained through a personal interview with a neighbor, friend, or associate of the consumer or with another person with whom the consumer is acquainted or who has knowledge of such item of information, unless—
> (A) the agency has followed reasonable procedures to obtain confirmation of the information, from an additional source that has independent and direct knowledge of the information; or
> (B) the person interviewed is the best possible source of the information.
They'd find themselves subject to legal penalties under:
FCRA Willful Noncompliance (15 U.S. Code § 1681n) (if they did not disclose their existence/use/content of reports to employment candidates)
FCRA Negligent Noncompliance (15 U.S. Code § 1681o) (if they made somewhat reasonable but insufficient efforts to comply with the FCRA)
or
Administrative Enforcement (15 U.S. Code § 1681s)
and be subject to fines up to $4,700 per violation plus actual damages, plus punitive damages, plus legal fees. State Attorneys General can also bring FCRA lawsuits on behalf of their constituents, not just the federal government. FTC / CFPB can name the founders individually in the lawsuits, not just their corporate entity, and ban[1][2] them from operating any similar businesses in the future.
That all said, to some extent, YCombinator partners are on the record[3] supporting the idea of their startups sometimes doing illegal things. Generally they'll frame this as challenging outdated regulations, but they acknowledge that the founders whose strategies they fully support sometimes come into office hours and discuss how they're worried that the strategy puts them at risk of going to jail.
0: https://www.law.cornell.edu/uscode/text/15/1681d
1: FTC v MyLife.com, Inc., and Jeffrey Tinsley (CEO): https://www.ftc.gov/news-events/news/press-releases/2021/12/...
2: https://www.ftc.gov/legal-library/browse/cases-proceedings/b...
3: https://www.youtube.com/watch?v=Hm-ZIiwiN1o&t=8m46s
i stand corrected in the hypothetical "bad reference aggregator company" scenario.
>YCombinator partners are on the record[3] supporting the idea of their startups sometimes doing illegal things.
interesting, thanks for surfacing that up! i wont pretend to be surprised, though.
"John is a bad person, and you shouldn't hire him" wouldn't be defamation.
from gov.uk:
>"If you think you’ve been given an unfair or misleading reference, you may be able to claim damages in court. Your previous employer must be able to back up the reference, such as by supplying examples of warning letters.
You must be able to show that:
- it’s misleading or inaccurate
-you ‘suffered a loss’ – for example, the withdrawal of a job offer"
which means, if the reference is not misleading and not inaccurate, a negative reference is ok. other uk-based law firms (from a quick google) agree with this interpretation.
in my comment, i was speaking more generally than i should have, and that (obviously, in hindsight) caused some confusion between the specific case of the hypothetical company, and the general case of an employer providing a negative reference. my bad -- and it is too late to edit to provide clarification.
That being said, it wouldn't entirely surprise me if somebody's tried to start the tech equivalent of the casino "Black Book".
https://en.wikipedia.org/wiki/Black_Book_(gambling)
> Y Combinator is starting a blacklist for venture capitalists accused of sexual harassment: "'We don’t call it a blacklist, but that is essentially what is happening,” Kat Manalac, a partner at the influential start-up incubator Y Combinator, said of the blast email.
https://www.forbes.com/sites/lorenfeldman/2017/07/17/todays-...
There are some mentions online of a Y Combinator startup called Bad News, but nothing official or well-documented shows up in public YC lists or press — at least as of the latest searchable sources.
The only place it’s referenced is in a Hacker News thread where someone claimed there was a YC company whose product was a blacklist of employees so other startups wouldn’t hire them, and they said the name was Bad News. But people in that thread couldn’t find any evidence of it, and there aren’t real search results tying that name to an official YC company on YC’s site, their startup directory, or mainstream reports.
Oh come on.
Cold emailing rarely works by itself. Cold emailing developers via emails you pulled from their GitHub accounts? At that point, you're actively harming your brand, and may as well just send them spam diet pill ads.
If it's obviously just a bot scraping emails and sending generic job requests, that's very different.
It's not even that nice. They scrape emails and send cold calls to try to get you to purchase their services.
You searched for people who do what you need to have done, found me, looked at what I've worked on and determined I'd be a good fit and you reached out? That's the number one way to get me to want to work for you.
No, their email templating tool finds an old throwaway repo you did 6 years ago, templates its name into a form email, and invites you to join a cattle call to be whiteboarded along with the rest of the shmucks
From: henry@joincactuscompute.com
Hey,
I hope all is well with you, just reaching out as you seem to be interested in on-device speech models.
Cactus is a low-latency AI engine for consumer devices like phones, Macs, wearables, Raspberry Pis, etc.
We support transcription models like Whisper & Parakeet, benchmarks available in the attached GitHub repo.
GitHub: https://github.com/cactus-compute/cactus
We are keen to get your feedback, and star if feeling generous.
Thanks a million
A 419 scam?
https://news.ycombinator.com/item?id=9332418 (11 years ago)
https://news.ycombinator.com/item?id=20660624 (7 years ago)
https://news.ycombinator.com/item?id=27855152 (5 years ago)
https://news.ycombinator.com/item?id=30900237 (4 years ago)
Seems it’s a reoccurring issue
From: james@techglobal.website Quick note – your GitHub profile Hi X,
I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out.
Profile:
I run a technical team (full-stack, cloud, DevOps) that delivers for clients. We're looking to work with an engineer based in the US on client-facing coordination—discovery, requirements, alignment—while we handle delivery. If that might be relevant, I'd be glad to set up a short call.
Regards, James
If I had to guess, "James" is a North Korean looking to scam US clients, based on my experience with shady actors.
From: james@techglobal.website Brief note – Following up on your GitHub work
Hi ,
I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out.
Profile:
I run a technical team (full-stack, cloud, DevOps) that delivers for clients. We're looking to work with an engineer based in the US on client-facing coordination—discovery, requirements, alignment—while we handle delivery. If that might be relevant, I'd be glad to set up a short call.
Best, James
> Please tell us about a time you most successfully hacked some (non-computer) system to your advantage:
I suspect it can be an excellent barometer of someone's:
- alignment in terms of pro-social vs. anti-social
- decision making under desperation
- "social filter": threading the line between 'interesting'/'compelling' vs. 'off-putting'/'concerning'
which are important signals for evaluating potential future C-suite executives.
Yup, this type of behavior is pretty much as I would expect and it's something I've seen since I first started posting here.
https://news.ycombinator.com/item?id=45357205
Hope they didn’t get too many folks.
Regardless of any claims of having this, I would say this behavior aligns with what I have seen over the last couple decades. I'm more surprised that other people would expect anything different?
I don't like unfettered capitalism, but when I consider economies that have existed over time, it certainly looks like constrained capitalism affords the most freedom.
Sorry but lol you must be new here.
And them claiming "they didn't know" can be dismissed given that many dev on GH have location information set.
It also in general doesn't change anything. the law doesn't care if you know or didn't.
Startups starting out their journey by committing crime is always a grate sign for their trustability.
I feel like if you don't want companies to cold-email you, you shouldn't make your email public. Github provides noreply email addresses for this purpose.
I find it interesting that some fucking spammers think that just because they found out my email somewhere, they should be allowed to waste my time and resources for their shit.
That is explicitly illegal here in EU. Unless I have clearly given you my consent, you are not allowed to spam me. Is informed consent really such a difficult concept to understand?
Scraping emails is also against the GitHub terms of service.
If you don't know what jurisdiction the owner of the email address resides in, it may also be illegal.
So whether it is scraping emails off a website or finding yourself on a private island with beautiful people "made available" to you, "consent" requires more than just having access.
I don’t engage. I mark as spam, block the sender/domain, and move on.
Every day, I get deluged with hundreds of spam and scam emails, often because some knucklehead entered my email in a form (either accidentally, or as a throwaway red herring).
> Some examples of ethical behavior we expect from founders are:
> - Not spamming members of the community
> To maintain our community, if we determine (in our sole discretion) that a founder has behaved unethically during or after YC, we will revoke their YC founder status. This includes access to all Y Combinator spaces, software, lists and events. All founders in a company may be held responsible for the unethical actions of a single co-founder or a company employee, depending on the circumstances.
Edit: Apparently "about a dozen companies"[0] have been booted for ethics violations.
0: https://techcrunch.com/2021/06/09/does-what-happens-at-yc-st...
Ah... but there's the rub.
Define "the community."
Do random GH accounts count as "members of the YC community"?
Sorry, but unsolicited contact, much as I hates, HATESSSS it, is a classic component of any business, and has been, for many decades. I don't think it would be appropriate for a business organization to prohibit its members from engaging in "cold calling," of which, UCE is really an example.
Using the YC branding/name, however, is a different matter.
""" Hi Matt,
I found your GitHub and thought you might like what we're building. We're developing an open source SDK that runs LLMs directly on-device.
We're getting about 45 tokens per second on iPhones, with support for Swift, Kotlin, React Native and Flutter. There's also a fully offline voice pipeline built in, so everything runs locally. We recently got into Y Combinator and are focused on expanding support to more edge devices and continuously improving performance.
If you're curious, here's the repo: github.com/RunanywhereAI/runanywhere-sdks
Feel free to reply to this email with any feedback or ideas you'd like to explore with on-device AI, or if you'd be interested in contributing. I'd love to hear your thoughts.
Best, Aditya """
Just to share the entire email, I think it's pretty well written, I went ahead and talked to the team, they were very curious and took my feedback regarding their flutter sdks very seriously, and they seem to be great people. Also, just an fyi, I tried their sdks, it's great! and I've been loving their apps as well.
I think their team is great, and I asked them for adding the rag implementation, they did it in less than week and it's pretty impressive. I think it's worth checking it out, It's easier to demean someone in public like that but might be worth checking.
And they are using a different domain for the emails so the spam markers don’t hit their primary domain.
You mention GDPR, which also "applies" to me, though I wonder if what they're doing is actually illegal. I mean, after all, I'm putting my email on GitHub precisely to give people a way to contact me.
Of course, I do that naïvely, assuming good faith, not expecting _companies_ to use it to spam me. So definitely what they're doing is, at the very least, in poor taste.
They’re not only looking at the public email in your profile, they’re also looking at your committer email (git config user.email). You could argue that you’re not putting that out for people to contact you.
(I’ve used that trick a couple times to reach out to people, too, but never mass emailing.)
It needs to be modified like how individuals can go after telemarketers.
THe US basically has a "private police force" for certain laws, notably the ADA. Many people are against this, I personally think it's a great idea and something countries should be doing a lot more of of.
A lawyer
I sometimes use different git/GitHub addresses depending on who I'm working for or specific projects so I can more accurately detect where data is being scraped from.
Also, spammers generally don't seem to be going to the effort to apply regex filters to the data they've scraped...
But the email I used to interact with the Linux kernel mailing list I had to null route after a while, it got so much spam. I used a throwaway for just that purpose of course, so no big deal.
By far the worst one is always going to be something generic like contact@, but my email provider is very good at filtering out those appropriately. :)
I did YC and now work at a frontier lab.
I've received multiple spam-style emails from (mostly young) current founders tagging me and all other YC-alum at my place-of-work with the profiles of their friends for internship roles, referrals, etc.. Same girl has done it for like 5 different people.
They have this other thing where they reject pushes for the 'known' emails you've told them you have, but kinda seems there should be a setting to do that for any email that is not your noreply private one. is that a feasible thing to ask for?
Of course, there's nothing stopping you from using a git-only email address (nospam-6thbit@yourdomain) and routing that to /dev/null. GitHub can't change email addresses, but you can.
They only do that if you set up that specific email on your account. Not if its 'any email other than the noreply one'.
> When you push to GitHub, we’ll check the most recent commit. If the author email on that commit is a private email on your GitHub account, we will block the push and warn you about exposing your private email.
Perhaps my usecase is niche, but I sometimes work with other git servers from the same machine with different emails and I don't want to set up all those on GH. Global settings don't help here, per-repo settings help but this doesn't come along when you clone a new one.
I immediately realize it's engagement farming + free labor. I said "No thanks."
Got this reply: "(...) I'm looking forward to reviewing your PRs. Feel free to share me any of your questions. (...)"
Apparently, no one read my reply - not even AI. They are automating this shit. It's sad that many fall for it (check their Github repo)
---
Company: Aden (W20)
Contact: Vincent Jiang, Founder
Github: https://github.com/aden-hive/hive
Kernel guidelines now have a more verbose section about tagging: https://www.kernel.org/doc/html/latest/process/submitting-pa...
GitHub hides the emails on their web UI, but nothing stops people from pulling the repository with a Git client and looking at the emails in the commit log after doing so.
When I made a patch to the Linux kernel I did have to use a real email, since you have to send to their mailing list. I used a throwaway email for it, which I have since edited on my mail server config to forward to /dev/null (yes, I'm one of the weirdos still self hosting email in 2026). The amount of spam I got was insane, and not even developer relevant spam.
> I came across your GitHub profile and thought you might be interested in what my team and I are building. We're developing an open source SDK that runs LLMs directly on-device.
What's even more interesting is that both buildrunanywhere.org and runanywheresdk.com show a stock hostinger parking page when accessed in a browser. Something tells me they're intentionally registering these "alternate" domains specifically for spam, to avoid tanking the email reputation of their main runanywhere.ai domain.
I guess I shouldn't be surprised given YC is going all in on AI and most AI companies are no better than the crypto scammers of yesteryear, but still.
> Something tells me they're intentionally registering these "alternate" domains specifically for spam, to avoid tanking the email reputation of their main runanywhere.ai domain
This is a really bad look on them.
https://www.whatsmydns.net/domain-age?q=buildrunanywhere.org and https://www.whatsmydns.net/domain-age?q=runanywheresdk.com
Both these domain were registered only 36 days ago
Their main domain had been around for 6 month (216 days) tho:- https://www.whatsmydns.net/domain-age?q=runanywhere.ai
(I also couldn't see any post created by them on YC checking algolia from their website fwiw)
Seeing their star history on their product, I see some few interesting observations[0] Their star history was almost horizontal between december and february until it got vertical all of a sudden.
[0]:https://www.star-history.com/#runanywhere.ai/runanywhere.ai&...
I looked through their linkedin and found this website owned by them as well https://www.openclawpi.com/ and using the YC brand here as well. (registerered 26 days ago)
This website looks fairly AI generated to me as well and there are some bugs within the original website as well which I am now incredibly more unsure of if generated by AI or not given the similarities between the two websites UI/UX as well.
They're literally hurting their own brand, as well as YC's.
This is not GitHub only, I have got a survey on how my experience interacting with folks on lkml
These providers are the only ones that care about their reputation and thus may take some action. Investors? Nope.
in this example, the email came from buildrunanywhere.org, which is just a parked domain. the real domain is runanywhere.ai, which they arent using for spam.
so, once buildrunanywhere.org has their reputation burned from reports, they will simply register buildrunanywheres.org and start spamming again.
They're getting more aggressive at it too. Just yesterday I received an email from Alignerr (not YC affiliated I think) saying that my sign-up was complete and cheerfully welcoming me to their platform. I had never even heard of them. An automated "job opportunity!" email didn't arrive until 3 hours later, but by then I had already directed some angry words towards their support email.
Other, even less respectable projects are also regularly enrolling my GitHub projects into their platforms, and I have to actively reach out to them to remove it.
I'm so tired of this man. Can someone go and take away these organizations' ability to send emails?
If you're lonely just upload a few AI keywords to a repo. You'll get emails forever.
And I use a different email fromy priority email for GitHub commits since 4 years ago.
So just stop with marketing slop please.
Yes, I work with AI, and I'm becoming pretty good at it.
But this doesn't mean I'm comfortable pushing AI slop into potential users and customers.
I (and they) want to use AI to facilitate their processes, not to ingest slop content.
Side note but the trick I learned, at least with gMail is not to delete the email (which doesn't prevent you from getting new ones), or even reporting as spam (which may or may not work), but instead dragging it into the Promotions tab, into which all future emails from that email address will automatically go. Promotions tab then acts as your Trash.
The quickest way to get me to never do business with you is to send me spam.
HN is deeply skeptical, technical, cynical, sarcastic. It's a great place to learn new things and I've loved it since I found it in 2012.
The current startup climate (not just limited to YC) feels very AI bro YEAHHLETSFUCKINGGOO (and I say this as a founder myself having gone through YC recently in W25).
There are likely marketing email datasets floating around the internet that contain email addresses scraped from commit metadata.
I use a catchall with a specific Git client (not GitHub) email address, and found spam and phishing emails being sent there quite a few times.