Real Python Security and Reporting

If you find a security hole, please let us know at info+security@realpython.com. We try to respond (with fixes!) as soon as possible, and really appreciate the help.

Thanks to the following people who have discovered and responsibly disclosed security holes in Real Python:

2020-05-30 Kishan Kumar

DMARC was configured in a way that would not automatically flag spoofed emails as spam in Gmail

2020-05-07 Amit Kumar

Missing rate limit for email verification could lead to email flooding

Notes & Exclusions: While researching, we’d like to ask you to refrain from:

Spamming
Denial of service
Social engineering (including phishing) of Real Python staff or users