Email Intake

To make it easier for researchers to report bugs, you can set up your program to receive email submissions. Anyone who wants to report a bug can simply send an email to your organization. Crowdcontrol will take care of everything else.

Important Notice-Email Intake Availability: Email Intake is only available for customers with a Vulnerability Disclosure Program (VDP). If you are considering using Email Intake, please contact your Account Manager or send an email to sales@bugcrowd.com.

Setting Up Email Submissions

To set up email submissions, all you have to do is contact your Account Manager. We’ll handle almost everything for you, including setting up a dedicated email for you to receive submissions and enabling forwarding support if you need it.

You will be able to find your dedicated email address by following the steps below:

  1. Navigate to the Program Settings page. settings

  2. Select the Integrations tab. integrations-tab

  3. Click the Add Integration button for Email Intake. add-integration

  4. Find a dedicated email intake address at the top (highlighted in the image below). integration-settings

Once you’re all set up, all you have to do is share the email address through your regular disclosure channels, such as your security webpage or disclosure program. When someone reports a bug to the email address, a submission will be automatically created in Crowdcontrol for you to review. created-submission

Action Required-Email Intake Set-Up: To set up Email Intake, contact your Account Manager or send an email to sales@bugcrowd.com.

setup

You will know Email Intake is enabled when you see the following message on the Email Intake Integration Settings page: Please contact support@bugcrowd.com to disable this integration (See Image Below)

enabled

Email Forwarding

To help you track and reward submissions sent to an email other than the one provisioned by Bugcrowd, you can enable forwarding support. Forwarding support enables you to send a claim ticket to the original sender of the email.

For example, if your support organization receives an email that details a vulnerability, they can forward it to the provisioned email (for example, 12345@submit.bugcrowd.com). The email is processed and a claim ticket is sent to the original sender, not the support organization.

Action Required-Enabling Email Forwarding: If you’d like to enable forwarding support, contact to your Account Manager.

Understanding How Email Submissions Work

Email submissions are enabled on a per program basis. Your account manager will set up your program with an email address, which will be something like uuid@submit.bugcrowd.com.

When you receive an email at the provisioned address, a submission will automatically be created in Crowdcontrol and will use the following information:

  • The email subject as the submission’s title.
  • The email contents of the email will appear in the submission’s description.

All you have to do is log in to Crowdcontrol to view and manage the submission as you usually would.

Claiming Submissions

When a submission is received via email, a claim ticket is sent back to the sender. Claim tickets allow researchers to associate a submission with their Bugcrowd account so that they can receive points and discuss their findings with you. Once a researcher claims a submission, Crowdcontrol will update the submission with the researcher’s username. All unclaimed tickets will have “Known-issues” as the username.

Important Notice-Communicating with Researchers: You will only be able to communicate with the researcher through Crowdcontrol if they claim the submission.

Customizing Your Claim Tickets

Bugcrowd provides a claim ticket template that you can customize with a logo and text.

Action Required-Customize Your Claim Ticket: Contact your Account Manager if you want to add a logo or any text to your claim tickets.


Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management