This is a Hail Mary, but I've found some important email address by running a WHOIS on that person's known web properties. While he may have hidden his registration info for his personal site, he may have slipped up on his project sites
You can also use tools like DomainTools.com to look at historical registration data, their data may be private now but could have been exposed previously.
I've had great luck with this, actually. At the very least there's a chance you'll find some dummy address that forwards to a real address, and get a response that way.
I wanted to contact people from some companies but their email was not in their profiles, I found this script in github https://github.com/laramies/theHarvester which looks for emails given a domain.
Is super useful, even though It wouldn't give me the email I was looking for, it would show me the "structure" used for emails inside the company:
Is super useful, even though It wouldn't give me the email I was looking for, it would show me the "structure" used for emails inside the company:
Based on that I would just guest the email of the person and it used to work perfectly.
I've used this technique a bit, but a word of warning... it's definitely not always the case that all emails in a given firm match "the structure". Usually most of them do, but I have found more than one company with a mishmash of patterns for whatever reason.
Probably the most common thing I've noticed is that "important" people (CEO, etc.) may get a different email, and people with really long name (some Indian names fall into this a lot) may be truncated, or swapped out for just an initial.
Still, other than paying for addresses from Jigsaw or Hoovers, this seems to be about the best approach I've found so far.
Related question: is there a limit on email address length? Like a real fundamental limit, not arbitrary decisions Gmail or Yahoo folks might have come up with.
Header lines are limited to 998 characters (1000 - '\r\n'). Subtract 'To: ' (4 characters) and one practical maximum upper limit is 994 characters including domain.
If I ever get into a situation where I can't figure out the address, I just pick one of my guesses and bcc all the rest.
Sure, they might think it's a little weird if they notice they're in the bcc field, but it sure is a lot easier than sending off a single email and spending the next few days wondering if it actually went through.
There is a catch-all address at my company that goes to our CEO. He forwards me headhunter emails all the time that are addressed to variations of my first and last name. :-/
I'm assuming they used similar tactics to try to find my address
Apart from "the right thing", one might see this particular behaviour as "quite polite".
It is also better for the relationship. It signifies trust. And every time you hold something back (or lie) you risk damaging a relationship. In this instance, a recruiter might reach out to the employee some other way. The recruiter and employee would then figure out that the business owner may have withheld the mail, even though it was clearly addressed to the employee.
"Hi, I'm <x>, I'm trying to send an important email to <y> but it keeps bouncing. Can you confirm I've got their email address correct?"