What is it?
You can set up emails to be forwarded to your HackerOne inbox to enable report management directly through HackerOne. Hackers that discover these email addresses will be able to submit reports directly to your program as they also get automatically invited to your program.
How Does it Work?
When a hacker discovers a vulnerability and sends their finding in an email to email@example.com:
- Forwarded emails are saved as report drafts in HackerOne's inbox.
- The hacker will receive an auto-response email notifying them that your program uses the HackerOne platform to coordinate vulnerabilities. They can click the Submit Vulnerability Report link.
- The link will prompt the hacker to create a HackerOne account if they don't already have one, or to log in to their existing account.
- After the hacker signs in to the account, the Submit Vulnerability Report button will be available for them to click. Upon clicking this button, the hacker is automatically invited into your program. The button will take them to the report submissions page, where they can claim the report draft and submit a valid HackerOne report to your program.
- You will then be notified of a new vulnerability submitted by the hacker in your inbox where you can use the platform tools to comment, triage, and pay bounties.
How to Set Up Email Forwarding
- Go to Settings > Program > Hacker Management > Email Forwarding.
- Click on Add email address.
- Enter the email address the vulnerability reports should be sent to. A common example is: firstname.lastname@example.org.
- Configure your email server to forward to the address given.
- Select Run test to ensure that forwarding is set up correctly
Note: You can add multiple email addresses to forward to the same inbox
How to set up email forwarding for:
Still have questions? Contact us.