Sure, as I said, the entire problem changes if you already know the email addresses. And effectively becomes trivial in the case of one single, known address.
However, looking at the title of the article, that’s not the case: To ‘unscramble’ the hashes to retrieve every email address you need the complete rainbow table.
But if you want to discuss that other problem: that a hash of the email address of a user is not useful to protect the identity of the user, you’re right. In fact, just ask yourself why they would add that hash to the dataset!
If it was meant to be undecipherable and impossible to identify anything, why add it in the first place?
The companies that sell data with hashed email addresses all know that the entire dataset is unusable to most of their clients without an identifier for the users… Hell, even if a buyer doesn’t know the email address itself, it can still correlate data from multiple ‘anonymised’ sources and figure out just about every detail of that person. Except maybe their email address.
And the moment that person identifies him/herself at their site (with an emailaddress, of course), they can hash it and glue the rest of the profile in, no sweat.
