Skip to main content

Mailbutler Security Vulnerability Program

Overview

Mailbutler is committed to protecting the privacy and security of all the users of our software tools. Our Security Vulnerability Program is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. We encourage Security researchers to voluntarily report any security vulnerability using this program.

Scope

The scope of the Security Vulnerability Program applies to security vulnerabilities discovered in any of the following software components of the Mailbutler application:

  • Plugin for Apple Mail
  • Browser extension for Google Chrome
  • Outlook add-in

In order to qualify, the vulnerability must exist in the latest public release (including officially released public betas) of the software.

Any component or service not expressly listed above, such as any connected service, are excluded from the scope and are not authorized for testing.

Guidelines

The purpose of this Security Vulnerability Program is to identify security vulnerabilities only. If you encounter any other technical or visual bug relating to the Mailbutler website or Mailbutler software, please use our existing channels or contact our support through support@mailbutler.io

Please refrain from identifying vulnerabilities in connection with the following:

  • Open source libraries
  • Security best practices
  • Bugs requiring exceedingly unlikely user interaction
  • Flaws affecting out-of-date browsers or plugins

 Please refrain from performing the following activities:

  • Social engineering
  • Physical security
  • Denial of Service or otherwise disrupt, interrupt or degrade our internal or external services
  • Spamming and phishing

Do not attempt to gain access or information that does not belong to you, beyond the minimum necessary to demonstrate the vulnerability. Once you establish the existence of the vulnerability, you must stop your test, notify us immediately and not disclose this data to anyone else. 

Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data

How do I report a security vulnerability? 

  • Please send an email to vulnerability@mailbutler.io.
    In your email, please provide concise steps and give as much detail as you cain to reproduce the vulnerability. If you do not wish to be publicly acknowledged or contacted to confirm the issue, you may submit your report anonymously.

  • Please allow us for up to 7 days to investigate and confirm the reported issue. To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.

  • Additionally, please allow us for up to 90 days to resolve the issue before publicly disclosing and discussing it.

Is there a reward for finding a security vulnerability? 

Only non-duplicate vulnerabilities that were not known to us at the time of reporting will be eligible for a reward. Not all issues may qualify for a reward. The validity of a vulnerability and the decision to issue a reward is at the sole discretion of Mailbutler.

Rewards may include: Public acknowledgement (listing at the bottom of this page), coupon codes, and exceptionally monetary compensation.

Questions

If you have any questions about this Security Vulnerability Program, please send an email to vulnerability@mailbutler.io.

Public Acknowledgement 

  • Abin Joseph
  • Faisal Mehmood