DNSimple

Send urgent or sensitive reports directly to [email protected]. Use our public key to keep your message safe and please provide us with a secure way to respond. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up or ping us on Twitter if you don’t hear back. For requests that aren’t urgent or sensitive: [email protected].

Tracking and Disclosing Security Issues

If you are interested in executing tests against our systems for your security research, please use our sandbox system rather than our production systems. The sandbox system is running the same web application as production but does not involve production data. You can activate your account on the sandbox system using the credit card number "1" along with a correct expiration date and a CVV code of "111".

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

• We will acknowledge your report and provide a way for you to track your issue.
• We will investigate the issue and determine how it impacts our products. We will not disclose issues until our investigation is finished, but we will work with you to ensure we fully understand the issue.
• Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery to the first researcher who reported the discovery.
• We use a variety of technology at DNSimple. Security issues may affect any of the various technologies we use. We ask for your patience while we also make sure other companies and their customers are protected. Either way, you will always have a DNSimple contact for your issue.