Report a Security Vulnerability

At Proofpoint our top priority is protecting the way people work today. We value the security research community and encourage responsible reporting of potential security vulnerabilities. Our security team is dedicated to working with you to validate and respond to legitimate reports. If you believe you've identified a potential security vulnerability, please email your discovery to

We encourage people who contact Proofpoint Security to use email encryption, using our PGP encryption key:

We ask that you do not share or publicize an unresolved vulnerability. If you responsibly submit a vulnerability report, the Proofpoint security team will use reasonable efforts to:

- Validate the reported vulnerability. If additional information is required in order to validate or reproduce the issue, Proofpoint will work with you to obtain it
- Keep you informed of our progress as we investigate your reported security concern
- Notify you when the vulnerability has been fixed
- Publicly acknowledge your responsible disclosure (unless you prefer anonymity)