Reporting Guidelines
- Reach out to [email protected], if you have found any potential vulnerability in our products meeting all the below-mentioned criteria. You can expect a confirmation from our security team in about 72 hours of submission.
- Please refrain from doing security testing in existing user accounts.
- When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or degrade user experience.
- You’re allowed to disclose the discovered vulnerabilities only to [email protected].
- Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
Qualifying Security Bugs
- All bugs that are reported are qualified based on their impact on the customer’s production data.
- We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.
In Scope Domains
app.mailarrow.com
Bugs Severity
Mailarrow will define the severity of the issue based on the impact and the ease of exploit.
Response Time
Response type | Time |
Acknowledgment | Within 72 hours |
Time taken to resolve | Based on the Severity |
Hall of Fame
We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with Mailarrow.