By reporting a vulnerability before you make it known to the outside world, you enable Sanoma to take appropriate measures first. If you report a vulnerability or security issue, please consider the following:

  • Provide sufficient information to reproduce the problem. This way Sanoma can solve the problem as quickly as possible. Usually the URL of the affected service and a description of the vulnerability is sufficient.
  • Leave your contact details (name, email address and/or telephone number) so that Sanoma can contact you.
  • Report your finding as soon as possible after discovering the vulnerability or security issue.
  • Please report you finding in English. Alternatively Finnish or Dutch can be used.
  • Please do not report missing or permissively configured email authentication records (SPF, DKIM, DMARC).


After we have received your report:

  • Your report is treated confidential.
  • We will acknowledge that we have received your message within 3 days.
  • Within 10 working days we will provide more detailed feedback on your finding.


We kindly ask you to respect our rules

  • Please do not share the information about the vulnerability or security issue with others until it is resolved.
  • Do not abuse the vulnerability that you have identified. Limit your actions to the minimum needed to identify the vulnerability.
  • Your investigation should not have any impact on the availability of our services.
  • Do not perform actions that go beyond what is necessary to demonstrate the security issue.
  • Do not utilize brute force techniques or social engineering in order to gain access to our services.
  • Do not implant a backdoor in our services to demonstrate your finding.


Please note that this channel is not meant for customer support or questions about our services.