Why doesn't Google always show email addresses in results?

Many sites encode email addresses in JavaScript, use contact forms instead of mailto: links, or render addresses as images to prevent harvesting. These techniques are specifically designed to prevent email discovery — Google's index only contains the HTML content it crawls, so JavaScript-rendered or image-based addresses will not appear in dork results.

What does CAN-SPAM require for cold email outreach?

CAN-SPAM (US law) requires: an accurate From address, a non-deceptive subject line, a physical postal address in the email, a clear opt-out mechanism, and honoring opt-outs within 10 business days. It applies to commercial messages sent to US recipients regardless of where the sender is located. It does not prohibit cold email to business addresses — it sets the rules for how it must be done.

How to Find Email Addresses with Google Dork Operators

Q: Is it legal to find email addresses using Google dorks?

Finding publicly published email addresses via Google is legal — these are addresses the company or individual chose to post on publicly accessible pages. The legal obligations arise in how you use those addresses: CAN-SPAM (US) requires a physical address, honest subject lines, and an opt-out mechanism in commercial email. GDPR (EU/UK) requires a lawful basis (typically legitimate interest for B2B) and a means to unsubscribe. Harvesting emails for spam or selling them to third parties without consent is where legal risk begins.

Q: What is the difference between intext: and site: for finding emails?

site: restricts which domain the results come from. intext: requires the specified string to appear in the page body. For email discovery you typically use both together: site:company.com intext:"@company.com" — find pages on the company's own domain that mention their email addresses in the page text.

Q: Does GDPR apply to B2B email outreach?

GDPR applies when you contact individuals in the EU/UK, including business professionals at work addresses. For B2B prospecting, 'legitimate interest' is the most commonly used lawful basis. It requires that your interest in contacting the person is proportionate, that the person would reasonably expect to be contacted in this context, and that you provide a clear way to opt out. Generic role-based addresses (info@, sales@) carry less personal data weight than named addresses.

By the getdork team — Published June 12, 2026

Google indexes any email address that appears as plain text in a publicly accessible webpage or document. The intext: operator lets you search for the @domain.com pattern directly; pairing it with site: focuses the search on a specific company's own pages. This technique surfaces publicly posted contact addresses, staff directories, and document-embedded emails — all information the organization chose to make visible on the open web.

On this page

How email discovery with dorks works
Step-by-step (6 steps)
Query examples
Limits of this technique
Responsible use: CAN-SPAM and GDPR
FAQ

How email discovery with dorks works

When a company publishes an email address in the HTML of a public page — on a contact page, a staff directory, an about page, a published PDF, or a press release — Google crawls and indexes that text. Because the intext: operator searches the indexed page body, a query like:

site:company.com intext:"@company.com"

returns pages on company.com that contain text matching the @company.com pattern — which is where email addresses live.

This is not a workaround or exploit. It is the same thing as browsing to a company's contact page and reading what is written there — just faster and across multiple pages at once.

Step-by-step: find public emails for a target company

Start with the company's own domain. Use site:company.com intext:"@company.com" to find every indexed page on the domain that contains a company email address.
Target contact and team pages. Contact, staff, and about pages are the highest-yield locations. Add inurl:contact OR inurl:team OR inurl:staff to your query to surface those pages directly.
Check published documents. Annual reports, program guides, and conference materials often list staff emails. Use filetype:pdf intext:"@company.com" to find PDFs that contain the company's email addresses.
Search outside the company's domain. Press releases, government filings, and industry event programs published on third-party sites often include email addresses. Remove site: and search intext:"[email protected]" broadly.
Use role-based patterns as a cross-check. Many companies follow predictable patterns: first.last@, firstlast@, or f.last@. If you find one named email, you can infer the pattern and look for colleagues by name.
Verify before outreach. Addresses found via dork searches may be outdated. Run a quick bounce check or use an email validation service before adding addresses to a campaign.

Query examples

Company contact pages and staff directories

# Find any page on the company domain listing their own emails
site:company.com intext:"@company.com"

# Contact and team pages specifically
site:company.com inurl:contact OR inurl:team intext:"@company.com"

# About or leadership pages
site:company.com inurl:about OR inurl:leadership intext:"@company.com"

PDFs and documents with contact lists

# PDFs on the company domain containing their email addresses
filetype:pdf site:company.com intext:"@company.com"

# Conference or event programs (often list speaker contacts)
filetype:pdf "conference" "2026" intext:"@company.com"

# Government FOIA-released documents often contain agency email addresses
filetype:pdf site:.gov intext:"@agency.gov" "contact"

Mentions across the wider web

# Any page across the web mentioning a company's email addresses
intext:"@targetcompany.com" -site:targetcompany.com

# Trade association or industry body membership directories
intext:"@targetcompany.com" site:industryassociation.org

Limits of this technique

Google will not return emails that are:

Rendered by JavaScript. Many modern sites load contact info dynamically via JS. Google indexes the static HTML, not the rendered output — so JS-injected addresses are invisible to dorks.
Encoded as images. Email addresses displayed as images (common on personal academic sites) are not searchable as text.
Obfuscated in HTML. Techniques like inserting HTML comment tags between characters, using CSS to reverse the text display, or spelling out "at" and "dot" in plain text all prevent the @ pattern from being indexed literally.
Behind a login wall. Any page requiring authentication before Google can crawl it will not appear in results.

For finding emails at scale, dedicated tools (Hunter.io, Apollo, Clay) maintain their own curated databases. Dork searches are best used for targeted research on specific companies or to verify that a found address is genuinely public.

Build these queries faster with getdork.
The query builder handles the operator syntax; you fill in the domain and keywords. Free to generate queries; Pro runs them in-app with results you can export to CSV.

Try getdork free →

Responsible use: public data, real legal obligations

Finding an email address via a dork is the same as reading it off a public webpage — the address was published voluntarily. The legal and ethical obligations come into play the moment you send to that address.

CAN-SPAM (United States)

The CAN-SPAM Act applies to any commercial email sent to US recipients, regardless of the sender's location. Key requirements: use an accurate From/Reply-To, write a non-deceptive subject line, include your physical postal address, provide a clear unsubscribe mechanism, and honor opt-out requests within 10 business days. CAN-SPAM does not prohibit cold B2B email — it governs how it must be sent.

GDPR (EU and UK)

GDPR applies when you email individuals in the EU or UK, including at their work addresses. For B2B outreach, "legitimate interest" is the most-used lawful basis. This requires that your interest in contacting the person is genuine and proportionate, that the contact is relevant to their professional role, and that you provide a clear way to opt out. You must honor opt-outs promptly. Named individual emails ([email protected]) are personal data under GDPR; role-based addresses ([email protected]) occupy a grayer position but are still subject to the law when tied to an identifiable person.

Anti-spam and deliverability

Beyond legal compliance: sending unsolicited mass email to dork-sourced addresses damages deliverability. High bounce rates and spam complaints hurt the sender's domain reputation. Treat found addresses as leads for manual, personalized outreach — not as a list for bulk blasting.

Frequently asked questions

Is it legal to find email addresses using Google dorks?

Yes. Finding publicly listed email addresses via search operators is legal — you are reading information the organization chose to publish on a public webpage. The legal obligations arise when you use those addresses: CAN-SPAM governs commercial email sent to US recipients; GDPR governs outreach to EU/UK individuals. See the Is Google dorking legal? guide for the full legal breakdown.

Why doesn't Google show email addresses in results?

Sites that want to prevent harvesting use JavaScript rendering, image-based display, HTML obfuscation, or plain contact forms instead of posted addresses. If a company actively hides its email addresses from the public web, dork searches will not surface them — and that boundary should be respected.

What is the difference between intext: and site: for finding emails?

site: restricts which domain the results come from. intext: requires the specified text to appear in the page body. For email discovery, use both: site:company.com intext:"@company.com" finds pages on the company's own domain that contain email addresses in their text.

What does CAN-SPAM require for cold outreach?

CAN-SPAM requires: an accurate sender address, a non-deceptive subject line, a physical postal address in the email body, a functional opt-out link, and honoring opt-out requests within 10 business days. It does not prohibit sending unsolicited commercial email to business contacts — it sets the rules for how that email must be structured.

Does GDPR apply to B2B email outreach?

Yes, when you contact individuals in the EU or UK at their work addresses. For B2B prospecting, most organizations rely on the "legitimate interest" lawful basis. This requires genuine relevance to the recipient's professional role and an easy opt-out path. Generic role addresses carry less individual data-protection weight than named addresses, but GDPR still applies when the address identifies a person. When in doubt, consult your legal counsel for your specific situation.

Related guides

How to use the Google site: operator in depth — combine site: with intext: for precision email and contact research.
Google search operators cheat sheet — full reference for all working operators.
What is Google dorking? — the complete introduction to how and why dork queries work.
OSINT for B2B sales: a starter playbook — a broader framework for finding prospect data from public sources.