Does Git publicly expose my e-mail address?

The guides I've read so far on Git say that I should go into the config and specify my name and my e-mail address. They don't elaborate; they just say to do it.

Why does Git need my e-mail address? And, more importantly, if I make my repo publicly available, via GitHub for example, will my e-mail address be visible to everyone (including spambots)?

Update April 2017

See "Private emails, now more private"

> GitHub has supported using an alternate "noreply" email address to author web-based commits for a while now. Starting today, there's another way to ensure you don't inadvertently publish your email address when pushing commits to GitHub via the command line.

> Git uses your email address to associate your name to any commits you author. Once you push your commits to a public repository on GitHub, the authorship metadata is published as well.

> If you'd like to ensure you don't accidentally publish your email address, simply check the "Keep my email address private" and "Block command line pushes that expose my email" options in your email settings.

Note: as commented below by orev, Git doesn't expose anything. GitHub, a Git repositories hosting service, might.
The place where you are pushing your local Git repo can expose metadata.

---

Note: Starting August, 9th 2013, you now can keep your email address private!

That is for web-based GitHub operations though: the commits still contain an email address, which could or could not be the same than the one used for your GitHub account.
See below to "mask" that (git commit) email too.

> Until today, all web-based GitHub Flow used your primary email address. This includes creating, editing, and deleting files, as well as merging pull requests.

> But now you can keep your email address private. To do so, visit your email settings page:

> With this turned on, web-based operations will use a [email protected] email address.

---

If you want to hide your email made from your computer, GitHub now allows you to register different email addresses: see this guide.

You still need to configure your (fake) email in your local repo before pushing back to GitHub, if you want your commits to reflect

git config --global user.email "[email protected]" # Set email to slightly changed value
git config --global user.email # Verify the setting
# [email protected]

Then:

• Go to the Emails setting menu
• Click "Add another email address"
• Enter the fake email (e.g. "[email protected]") and click "Add"

Note that:

> This setting only affects future commits.
If you want to erase your real email address from your repository's commit history, you will have to rewrite your old commits. The easiest way to do this is to:

> Use git filter-branch to rewrite the repository history and Force-push the new history up.

Git uses your email address to identify you, as well as do other tasks (such as sign a tag with a GPG key). Your email address does get embedded as part of your identity in commit logs, etc., along with the name you specify. For example, the "author" field in a commit log would show up as:

Author: Joe White <joewhite@mysite.com>

So the information is available to anyone with a copy of the repo, since it acts as an identifier.

Your email probably won't be visible to spambots, though, unless you use Gitweb, or a service like GitHub, to make your repo available through a web interface (merely putting it on the Internet doesn't do this).

I suppose you could fill in a fake email address or use an empty string or space or something (I don't think Git checks the format or validity of the email), but the email is useful if someone who clones the repo needs to send you a patch or contact you in some way.

GitHub has a help article called Keeping your email address private, which begins:

> Git requires you to identify yourself in order to make commits, but you can hide your contact information by using a fake address. Git itself doesn't care if the email is valid. > > Good to know: Although Git does not care, some projects might not accept contributions from you if your commits do not have a valid email address, so you will want to research your project's contribution policies before following these instructions. > > GitHub does not get many reports of spam being sent to Git commit email addresses, but if you are worried about it, this guide should help you address those concerns.

The guide contains steps how to configure both Git and GitHub to use a fake address.

Yes, the above answers are correct ... except you want to typically have the same email address for all your projects then you would use the command:

git config --global user.email "[email protected]"

You can also edit the .gitconfig file in your home directory, in the user section.

You can specify a different email for a particular project by doing the same command without the global option.

Also, I suggest that you can obfuscate your email if the submits are going to a public area:

briancolfer(at)comcast.net

As an example.

Millions of GitHub commit emails "leaked"

https://github.com/cirosantilli/all-github-commit-emails extracted from GitHub Archives https://www.githubarchive.org exports commit.

GitHub Archive gets data from GitHub's events API: https://developer.github.com/v3/activity/events/types/#pushevent and exports it to Google BigQuery hourly which makes it easier to query.

Emails used to be shown on events of type PushEvent, but they stopped after I did this.

I don't think commit emails show anywhere on GitHub's web interface (except the email you set in your GitHub profile, and that only shows for logged in users as of 2022), so any collection is limited by the API rate limiting. TODO: how much time to collect 1M emails via API from scratch.

Practical way to get someone's commit email with the API

ghmail() { curl "https://api.github.com/users/$1/events/public" | grep email; }
ghmail cirosantilli

or visit: https://api.github.com/users/cirosantilli/events/public

There are also:

• apps for that: <https://github.com/mmautner/github-email-thief>
• more advanced scripts for that: <https://github.com/hodgesmr/FindGitHubEmail>

The Git commit data structure has an explicit author and committer email field

Shown at: https://stackoverflow.com/questions/22968856/what-is-the-file-format-of-a-git-commit-object-data-structure/37438460#37438460

Therefore it is clear that this information is added to commits by default.

You can retroactively change the author name, email etc. BEWARE that doing the following can corrupt your history.

#!/bin/sh

git filter-branch --env-filter '

an="$GIT_AUTHOR_NAME"
am="$GIT_AUTHOR_EMAIL"
cn="$GIT_COMMITTER_NAME"
cm="$GIT_COMMITTER_EMAIL"

if [ "$GIT_COMMITTER_EMAIL" = "[email protected]" ]
then
    cn="Your New Committer Name"
    cm="Your New Committer Email"
fi
if [ "$GIT_AUTHOR_EMAIL" = "[email protected]" ]
then
    an="Your New Author Name"
    am="Your New Author Email"
fi

export GIT_AUTHOR_NAME="$an"
export GIT_AUTHOR_EMAIL="$am"
export GIT_COMMITTER_NAME="$cn"
export GIT_COMMITTER_EMAIL="$cm"
'

Taken from here

GitHub has a help section about setting your email address.

Specifically it says:

> Good to know: You don't have to give a valid email. If you're concerned about spam, use a fake email instead. [email protected] is a common practice.

Yes, your email address (as specified in git config user.email) will be visible in web interfaces like GitWeb. Also everybody can learn your email address by cloning your repository though this is probably still far beyond spambots. Nobody forces you to use a real email address, though. Git will automatically set a constructed email address if none is given. On my machine without user.email it shows commits by “Foo <foo@daughter.(none)>”.

> if I make my repo publicly available, via GitHub for example, will my e-mail address be visible to everyone

Note: you can also make your repository locally available, through a local gitweb (web frontend to Git repositories, packaged with a regular Git distribution, and which can be installed with git instaweb).

And with Git 2.32 (Q2 2021), "gitweb" learned "e-mail privacy" feature to redact strings that look like e-mail addresses on various pages.

See commit 0996dd3 (28 Mar 2021) by Georgios Kontaxis (kontaxis).
^{(Merged by Junio C Hamano -- gitster -- in commit a9414b8, 13 Apr 2021)}

> ## gitweb: add "e-mail privacy" feature to redact e-mail addresses
> ^{Signed-off-by: Georgios Kontaxis}
> ^{Acked-by: Eric Wong}
> ^{Acked-by: Ævar Arnfjörð Bjarmason}

> Gitweb extracts content from the Git log and makes it accessible over HTTP.
> As a result, e-mail addresses found in commits are exposed to web crawlers and they may not respect robots.txt.
> This can result in unsolicited messages.
> > Introduce an 'email-privacy' feature which redacts e-mail addresses from the generated HTML content.
> Specifically, obscure addresses retrieved from the the author/committer and comment sections of the Git log.
> The feature is off by default.
> > This feature does not prevent someone from downloading the unredacted commit log, e.g., by cloning the repository, and extracting information from it.
> It aims to hinder the low- effort, bulk collection of e-mail addresses by web crawlers.

gitweb.conf now includes in its man page: > ## email-privacy > > Redact e-mail addresses from the generated HTML, etc. content. > This obscures e-mail addresses retrieved from the author/committer > and comment sections of the Git log.
> It is meant to hinder web crawlers that harvest and abuse addresses. > Such crawlers may not respect robots.txt.
> Note that users and user tools also see the addresses as redacted. > If Gitweb is not the final step in a workflow then subsequent steps > may misbehave because of the redacted information they receive.
> Disabled by default.