Found a Bug?
If you've found a security vulnerability, first of all, thank you. We're just one person running this thing, so we appreciate the extra eyes. Please don't try to ransom us; we have no money. Just let us know, and we'll try to fix it.
Disclosure Process
We believe in coordinated disclosure. Please follow these steps:
- Initial Report: Send the full details of the vulnerability to [email protected]. Please include a clear description, steps to reproduce, and the potential impact.
- Our Response: We will acknowledge your report within 48 hours to let you know we've seen it and are appropriately panicking.
- Investigation & Fix: We will investigate the issue and work on a fix. We'll keep you updated on our progress.
- Disclosure: Once the vulnerability is fixed, we will work with you to agree on a date for public disclosure. Please give us a reasonable amount of time (e.g., 90 days) before you post it on Twitter for clout.
- Acknowledgment: We'll add your name or handle to our Hall of Fame page as a thank you for your help.
Scope
This policy applies to the oiledup.email service and its associated domains. Please do not conduct security research on our users' accounts.
The Official security.txt File
For automated tools and cool security researchers, here is our official `security.txt` file. You can find this file at `/.well-known/security.txt` on our main domain.
# Our security policy is a joke, but our security isn't.
# Please report any vulnerabilities you find.
Contact: mailto:[email protected]
Expires: 2026-08-01T19:00:00.000Z
Acknowledgments: https://oiledup.email/hall-of-fame.html
Policy: https://oiledup.email/security.html
Hiring: We are not hiring. Please do not send us your resume.
Preferred-Languages: en