Uptick in spam based on GitHub activity
Has anyone else seen a recent uptick in unsolicited email based on GitHub starring activity? There was a post recently here about Browserless doing this and I recently was added to some marketing list with no unsubscribe link from a local crypto startup which mentioned a repo I'd starred that wasn't even theirs. Is this some new growth hacking thing people have been told to do? What can we do to prevent this?
Supposedly, you can activate "Keep my email addresses private" in https://github.com/settings/emails which should replace your actual email with a GitHub provided relay-address. You can also set that relay-address as your git commit email. It's unclear if the GitHub API will also show that email though, where I think they are getting the emails from in the first place.
What we collectively can do is to send an email to support@github.com every time it happens, with the repositories/email addresses involved in this, and short-term GitHub will remove them from the platform (making it less profitable for them to do so as they'll get removed) and hopefully over time GitHub will improve protecting their users' privacy.
Cryptocurrency startup involved in shady marketing practices? I am very surprised.
I don’t think it’s coincidence that stories like this are cropping up shortly after Microsoft started algorithmitizing the GitHub feed. https://www.theregister.com/AMP/2022/03/23/github_for_you/
Seems to me that it’s being transitioned, LinkedIn-style, to a recruitment or marketing-centric tool.
I just have a git@mydomain.com alias that actually doesn't exist. That's my email for git. LOL
As others have said, it may be that your email is still public. Outside that, you should make sure you commit with the GitHub generated anonymous email, which is in the format of @users.noreply.github.com. This will attribute commits correctly to your account, without exposing your email address in the commits.
If your email address is publicly available, then yes, gross people will scrape it and spam you. That goes for everything.
Use the private email options or at least have a unique email for commits that you can easily identify that it came from someone scraping and just filter for it.
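Added example, not part of the thread: a self-audit for the advice above about committing with the GitHub relay address. It reports which addresses in a clone's history are not `@users.noreply.github.com` relays. The function names and the sample log are constructed for illustration, and treating `noreply@github.com` as GitHub's own committer address for web-UI commits is an assumption of the example.

```python
import subprocess
from collections import Counter

# GitHub relay addresses look like "ID+username@users.noreply.github.com"
# (newer accounts) or "username@users.noreply.github.com" (older accounts).
RELAY_SUFFIX = "@users.noreply.github.com"
# Assumption: committer address GitHub itself uses for commits made in the web UI.
GITHUB_OWN = {"noreply@github.com"}

def is_private(email):
    """True if the address reveals nothing beyond the GitHub account itself."""
    email = email.lower()
    return email.endswith(RELAY_SUFFIX) or email in GITHUB_OWN

def exposed_emails(log_text):
    """Count commits per exposed address in tab-separated
    `git log --format=%H%x09%ae%x09%ce` output."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        _commit, author, committer = parts
        # Author and committer are recorded separately; either one can leak.
        for email in {author.lower(), committer.lower()}:
            if not is_private(email):
                counts[email] += 1
    return counts

def audit_repo(path="."):
    """Run the same check on a local clone, all branches (needs git on PATH)."""
    out = subprocess.run(
        ["git", "-C", path, "log", "--all", "--format=%H%x09%ae%x09%ce"],
        check=True, capture_output=True, text=True,
    ).stdout
    return exposed_emails(out)

# Constructed sample log (not real commits or addresses).
SAMPLE_LOG = "\n".join([
    "a1b2c3\tdev@example.com\tdev@example.com",
    "d4e5f6\t1234567+octo-dev@users.noreply.github.com\tnoreply@github.com",
    "0789ab\tocto-dev@users.noreply.github.com\tocto-dev@users.noreply.github.com",
    "cdef01\tDev@Example.com\t1234567+octo-dev@users.noreply.github.com",
])

if __name__ == "__main__":
    for email, n in exposed_emails(SAMPLE_LOG).most_common():
        print(f"{n:4d} commit(s) expose {email}")
```

Commits already pushed keep whatever address they were made with, so a non-empty result from `audit_repo()` means that address is still readable in the history even after the privacy setting is turned on.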