Bug Bounty Program
We invite security researchers to investigate vulnerabilities in EasyDMARC, so long as your research follows this responsible research and disclosure policy.
What you need to do
- Avoid harm or risk to EasyDMARC, our users, or third parties.
- Don't disclose without our agreement.
- Report through a legitimate channel.
What you can't do
- No privacy violations.
- No deletion or damage of resources.
- No lasting harm.
- Nothing that degrades our service.
- No creation or sharing of inappropriate content.
- No targeting our staff, investors or physical environment.
How we'll respond
If you follow these guidelines we commit to:
- Not pursuing or supporting legal action related to your research.
- Working with you to understand issues, and resolve them if EasyDMARC considers it necessary.
- Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.
As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:
- The reported vulnerability is verifiable
- It hasn't been reported already
- You've conducted your activities in a manner consistent with our guidelines
Rewards are provided at EasyDMARC's discretion based on the severity of the bug and the quality of the report.