I'm confused. How do you know what account scraped your email address from github in order to send you an email?

Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.

How do you propose GH take action without risking taking down legitimate projects due to brigades of false reports?