Protecting your commit email on GitHub

If you want to protect your private email in a commit from being exposed, GitHub has provided a way to do that. GitHub supports an no-reply email address that can be specially used as your commit email address.

To use the noreply email, you need to set up both in the GitHub and in your local Git.

GitHub: Setting your commit email address provides a step-by-step instructions how to do that. It’s simple.

GitHub settings

GitHub > Settings > Emails > Check Keep my email addresses private and Block command line pushes that wxpose my email option in the bottom of the page, then it display the noreply email as below:

:ballot_box_with_check: Keep my email addresses private

We’ll remove your public profile email and use xxxxxxx+[username] when performing web-based Git operations (e.g. edits and merges) and sending email on your behalf. If you want command line Git operations to use your private email you must set your email in Git.

:ballot_box_with_check: Block command line pushes that expose my email

If you push commits that use a private email as your author email we will block the push and warn you about exposing your private email.

Local Git setting

Run below command to configure your commit email with the noreply email:

$ git config --global xxxxxxx+[username]


For commits you made prior to changing your commit email address are still associated with your previous email address. That means the commit email in those commit are not protected.


In fact, Git does not check whether the email is a valid one or not. Of course you can use a fake one, but noreply email is a better choice, it clearly indicates that.


GitHub: Setting your commit email address