Bug Bounty Program
Hello, researcher!
Protecting our community's privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.
We invite security researchers to investigate vulnerabilities in EasyDMARC, so long as your research follows this responsible research and disclosure policy.
What you need to do
- Avoid harm or risk to EasyDMARC, our users, or third parties.
- Don't disclose without our agreement.
- Report through a legitimate channel.
What you can't do
- No privacy violations.
- No deletion or damage of resources.
- No lasting harm.
- Nothing that degrades our service.
- No creation or sharing of inappropriate content.
- No targeting our staff, investors or physical environment.
How we'll respond
If you follow these guidelines we commit to:
- Not pursuing or supporting legal action related to your research.
- Working with you to understand issues, and resolve them if EasyDMARC considers it necessary.
- Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.
Rewards
As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:
- The reported vulnerability is verifiable
- It hasn't been reported already
- You've conducted your activities in a manner consistent with our guidelines
Rewards are provided at EasyDMARC's discretion based on the severity of the bug and the quality of the report.
Report a Vulnerability
Success!
Your report has reached our support team.
Expect an email about the next steps in 1-2 weeks.