Report a vulnerability
We do our utmost to protect our users' data. We are deeply grateful for any insights you might provide that will help us strengthen our security.
Report a vulnerability
Have you found a security flaw in our product? Please let us know as soon as possible by submitting your report to [email protected].
What your report should contain:
- Describe the location the vulnerability was discovered and the potential impact of exploitation.
- Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
- Be in English, if possible.
Here's what happens when you report a security flaw:
- We'll acknowledge your report, usually within 72 hours.
- We'll investigate the issue and determine how it impacts our product. Here, we'll keep an open dialog to make sure that we fully understand the impact.
- We won't disclose the issue until it has been thoroughly investigated and patched.
Scope
Disqualifiers:
The following test methods are not authorized:
- Attempting to access other users' accounts.
- Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data.
- Physical testing (e.g., office access, open doors, tailgating)
- Social engineering or any other non-technical vulnerability testing.
- Phishing attempts towards any staff at Mailflow.
- Automated vulnerability reports.
- Spamming, mailbombing, brute-forcing, or automated attacks.
- Leaking, manipulating, or destroying any user data.
- Harmful or non-good-faith testing.
Safe Harbor
If you make a good-faith effort to comply with this policy, we'll consider your security research to be authorized. When you submit a report, we'll work with you to resolve the issue quickly.