DEV Community


Posted on • Updated on

Keep your email safe on github

I recently decided to take a trip to the spam box in my email, I didn't expect much to be there. Until I saw a single email that stood out.
The email was as follows:

I was just on your Github (went down a Wednesday morning rabbit hole and came up in Monaco Editor stargazers) and loved the profile.
[Insert product advertisement here]

I was like "oh cool product, but not interested" in my head. But then something didn't felt right; how did this person send an email to my personal email, which isn't publicly visible on my github. I checked my account and it was private, I then thought it may be my portfolio that's linked there, but no. Maybe my twitter but also no.
Then it dawned on me. Git commits has your email.
I immediately did some quick research online and git apparently keeps your email when you commit, so I checked my local environment and what did I find, my personal email. I don't know how or when I gave it my personal email but its there.
So here's what I did and I feel like you should do your self if you commit to github or any public repository and value your privacy, based on this page from github you should change your email using the command bellow on any machine from where you commit:

git config --global "YOUR_EMAIL"
Enter fullscreen mode Exit fullscreen mode

Where the YOUR_EMAIL bit should be the noreply email github provides, it should be some where in your email settings in your account.
I hope you find this post informative and if you have any thoughts or insights in this matter do comment bellow. Thanks for reading.

Top comments (2)

ant1ne profile image

Thank you for sharing this tip but how do you find the noreply email provided by github? I cannot find anything in the email settings.

imagineeeinc profile image
Imagineee • Edited

For me in github settings > email settings, somewhere om the page you will find the email in one of the email options. One of the is the primary email address, it says:

Because you have email privacy enabled, youremail@ will be used for account-related notifications as well as password resets. insertNoReplyUsernameHere@ will be used for web-based Git operations, e.g., edits and merges.

I think email address private option should be enabled bellow.