Security Policy
How to report security vulnerabilities to sverige.email.
Scope
This policy covers security vulnerabilities affecting:
- The sverige.email domain and its subdomains
- DNS configuration (DNSSEC, SPF, DKIM, DMARC)
- TLS/SSL configuration and certificate validity
- Web server configuration and HTTP security headers
- Email server infrastructure and protocols
- Unintended exposure of sensitive information
Out of scope
The following are outside the scope of this policy:
- Denial-of-service attacks
- Social engineering or phishing attempts
- Physical security
- Spam and abuse (report to postmaster@sverige.email)
- Vulnerabilities in third-party services we depend on
- Theoretical vulnerabilities with no practical impact
- Missing security headers rated as informational only
How to report
Please send vulnerability reports to postmaster@sverige.email. Include a clear description of the issue, steps to reproduce, and your assessment of the potential impact. We welcome coordinated disclosure.
What to expect
- Acknowledgment of your report within 3 business days
- An assessment of the reported issue within 10 business days
- Regular updates while we investigate and address the issue
- Credit in our acknowledgments if you wish (just let us know)
Safe harbour
We will not take legal action against researchers who discover and report security vulnerabilities in good faith, provided they:
- Do not access, modify, or delete data beyond what is needed to demonstrate the vulnerability
- Do not perform destructive testing or degrade service availability
- Do not disclose the vulnerability publicly before we have had a reasonable opportunity to address it
- Act in compliance with applicable law
Note on site architecture
sverige.email currently operates as a static website with no server-side scripting, no user accounts, and no client-side JavaScript. The attack surface is intentionally narrow. We appreciate reports about infrastructure-level issues such as TLS configuration, DNS security, and email authentication records.