This likely wouldn’t work with any other webmail provider as well, because even my Hotmail account (which pre-dates my personal domain by about three years) has been purged of anything personal since about 2005, and now exists as a spam honeypot and emergency recovery account for a handful of services that demand one.
Now, if you could scan IMAP folders, then fine. But I have never handed my passwords out to anyone. It’s gotta be a locally-run tool or it’s just not gonna fly with me.
IMAP support is the top request I'm getting. The main challenge is speed, as Gmail API scans 10+ years in ~3 minutes, IMAP would be 30+ minutes. But it's definitely on the roadmap.
Also thinking about a local-only version where everything runs in your browser. Would that work for you, or is IMAP specifically what you need?
For now, I'm focused on the majority use case (Gmail users who don't purge email), but would love your input on what a power-user version should look like if you're interested.
Komieter•1mo ago
So I scanned my email for confirmations and receipts. Found 257 accounts.
One was Wreio - a site I bought a hoodie from in 2023. Turns out it was a scam operation that got exposed for selling customer credit card info. I'd completely forgotten the account existed.
By the time I found out, they'd had my card info for over a year.
Built GhostSweep to help others find these forgotten accounts. Scans Gmail metadata (not content), surfaces forgotten accounts, and provides deletion guides.
Free to scan. Most people find 50-100+ accounts they completely forgot about.
Technical details: - Next.js + Supabase - Gmail OAuth (read-only, metadata only, Google Verified) - Pattern matching on subjects/senders - No AI, just regex and heuristics
Open to feedback, especially around privacy concerns - that's the #1 question I get.
Link: ghostsweep.com