- Setting Up Email Submissions
- Email Forwarding
- Understanding How Email Submissions Work
- Claiming Submissions
Important Notice-Email Intake Availability: Email Intake is only available for customers with a Vulnerability Disclosure Program (VDP). If you are considering using Email Intake, contact your Account Manager or submit a support ticket through Bugcrowd Support Portal so that your account can be provisioned with an email address.
Setting Up Email Submissions
To set up email submissions:
After selecting the required program, click Settings and then click Integrations.
The Integrations page is displayed.
Click the Add Integration for Email intake.
The Email Intake Settings page is displayed.
Specify the following:
- Integration Status: Select Enabled to enable integration. Else, select Disabled.
- Setup automatic forwarding to Bugcrowd: Automatically forward the new submissions from another email address to email@example.com.
- Allow researchers to claim submissions on Bugcrowd: Send a claim ticket notice to researchers when a new submission is received.
Click Update integration.
The email address assigned for your program is displayed.
You can share this email address through your regular disclosure channels, such as your security webpage or disclosure program. When someone reports a bug to the email address, a submission will be automatically created in Crowdcontrol for you to review.
You will know Email Intake is enabled when you see Connected in the Integrations page:
To help you track and reward submissions sent to an email other than the one provisioned by Bugcrowd, you can enable forwarding emails so that the claim ticket is sent to the original sender of the email.
For example, if your support organization receives an email that details a vulnerability, they can forward it to the provisioned email (for example,
firstname.lastname@example.org). The email is processed and a claim ticket is sent to the original sender, not the support organization.
Understanding How Email Submissions Work
Email submissions are enabled on a per program basis. Your account manager will set up your program with an email address, which will be similar to
When you receive an email at the provisioned address, a submission will be created automatically in Crowdcontrol and will use the following information:
- Email subject will appear in the submission’s title.
- Email content will appear in the submission’s description.
You can log in to Crowdcontrol to view and manage the submission.
When a submission is received through email, a claim ticket is sent back to the sender. Claim tickets allow researchers to associate a submission with their Bugcrowd account so that they can receive points and discuss their findings with you. Once a researcher claims a submission, Crowdcontrol will update the submission with the researcher’s username. All unclaimed tickets will have “Known-issues” as the username.
Important Notice-Communicating with Researchers: You will only be able to communicate with the researcher through Crowdcontrol if they claim the submission.
Customizing Your Claim Tickets
Bugcrowd provides a claim ticket template that you can customize with a logo and text.
Action Required-Customize Your Claim Ticket: Contact your Account Manager if you want to add a logo or any text to your claim tickets.