- Setting Up Email Submissions
- Email Forwarding
- Understanding How Email Submissions Work
- Claiming Submissions
Important Notice-Email Intake Availability: Email Intake is only available for customers with a Vulnerability Disclosure Program (VDP). If you are considering using Email Intake, please contact your Account Manager or send an email to firstname.lastname@example.org.
Setting Up Email Submissions
To set up email submissions, all you have to do is contact your Account Manager. We’ll handle almost everything for you, including setting up a dedicated email for you to receive submissions and enabling forwarding support if you need it.
You will be able to find your dedicated email address by following the steps below:
Navigate to the Program Settings page.
Select the Integrations tab.
Click the Add Integration button for Email Intake.
Find a dedicated email intake address at the top (highlighted in the image below).
Once you’re all set up, all you have to do is share the email address through your regular disclosure channels, such as your security webpage or disclosure program. When someone reports a bug to the email address, a submission will be automatically created in Crowdcontrol for you to review.
Action Required-Email Intake Set-Up: To set up Email Intake, contact your Account Manager or send an email to email@example.com.
You will know Email Intake is enabled when you see the following message on the Email Intake Integration Settings page: Please contact firstname.lastname@example.org to disable this integration (See Image Below)
To help you track and reward submissions sent to an email other than the one provisioned by Bugcrowd, you can enable forwarding support. Forwarding support enables you to send a claim ticket to the original sender of the email.
For example, if your support organization receives an email that details a vulnerability, they can forward it to the provisioned email (for example,
email@example.com). The email is processed and a claim ticket is sent to the original sender, not the support organization.
Action Required-Enabling Email Forwarding: If you’d like to enable forwarding support, contact to your Account Manager.
Understanding How Email Submissions Work
Email submissions are enabled on a per program basis. Your account manager will set up your program with an email address, which will be something like
When you receive an email at the provisioned address, a submission will automatically be created in Crowdcontrol and will use the following information:
- The email subject as the submission’s title.
- The email contents of the email will appear in the submission’s description.
All you have to do is log in to Crowdcontrol to view and manage the submission as you usually would.
When a submission is received via email, a claim ticket is sent back to the sender. Claim tickets allow researchers to associate a submission with their Bugcrowd account so that they can receive points and discuss their findings with you. Once a researcher claims a submission, Crowdcontrol will update the submission with the researcher’s username. All unclaimed tickets will have “Known-issues” as the username.
Important Notice-Communicating with Researchers: You will only be able to communicate with the researcher through Crowdcontrol if they claim the submission.
Customizing Your Claim Tickets
Bugcrowd provides a claim ticket template that you can customize with a logo and text.
Action Required-Customize Your Claim Ticket: Contact your Account Manager if you want to add a logo or any text to your claim tickets.