Real Python Security and Reporting
If you find a security hole, please let us know at info+security@realpython.com. We try to respond (with fixes!) as soon as possible, and really appreciate the help.
Thanks to the following people who have discovered and responsibly disclosed security holes in Real Python:
2020-05-30 Kishan Kumar
- DMARC was configured in a way that would not automatically flag spoofed emails as spam in Gmail
2020-05-07 Amit Kumar
- Missing rate limit for email verification could lead to email flooding
Notes & Exclusions: While researching, we’d like to ask you to refrain from:
- Spamming
- Denial of service
- Social engineering (including phishing) of Real Python staff or users