+++
title = 'BugBounty 101: Email Subscriptions'
date = 2024-12-18
+++

The most common vuln I've seen in email subscription forms is spamming.

If you find an email subscription form, try to spam yourself by subscribing multiple times with plus-addressed variants of your own address:

```text
email@example.com (your original mailbox)
email+random1@example.com (messages will be sent to 'email@example.com')
email+random2@example.com
...
```

Why doesn't the company want this? This vuln can be used to make all of their emails land in the spam folder by default: innocent users get spammed through the form and report the messages as spam.

Other email hacks: https://book.hacktricks.xyz/pentesting-web/email-injections
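
On the defending side, the fix is to count subscription requests per receiving mailbox instead of per submitted string. The sketch below is an added example, not code from the original post; `canonical_mailbox`, `SubscriptionLimiter` and the limit values are hypothetical, and it assumes the mail provider delivers `+tag` sub-addresses to the base mailbox and ignores case.

```python
import time
from collections import defaultdict, deque


def canonical_mailbox(address: str) -> str:
    """Map plus-addressed variants onto the mailbox that receives them."""
    local, sep, domain = address.strip().rpartition("@")
    # Assumption: "+tag" is a sub-address and case is ignored. This holds for
    # most large providers but is provider behaviour, not an RFC guarantee.
    base = local.split("+", 1)[0]
    if not sep or not base or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return f"{base.lower()}@{domain.lower()}"


class SubscriptionLimiter:
    """Allow at most `limit` subscription emails per mailbox per `window` seconds."""

    def __init__(self, limit=1, window=3600.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._sent = defaultdict(deque)  # canonical mailbox -> send timestamps

    def allow(self, address: str) -> bool:
        key = canonical_mailbox(address)
        now = self.clock()
        sent = self._sent[key]
        while sent and now - sent[0] >= self.window:
            sent.popleft()  # forget sends that fell out of the window
        if len(sent) >= self.limit:
            return False  # same mailbox, different spelling: do not send again
        sent.append(now)
        return True


def demo():
    # Constructed input: the variants from the post plus an unrelated address.
    attempts = [
        "email@example.com",
        "email+random1@example.com",
        "Email+random2@Example.com",
        "other@example.com",
    ]
    limiter = SubscriptionLimiter(limit=1, window=3600.0, clock=lambda: 0.0)
    return [(a, limiter.allow(a)) for a in attempts]


if __name__ == "__main__":
    for address, allowed in demo():
        print(f"{address:30} {'send' if allowed else 'suppress'}")
```

Store the address exactly as the user typed it for delivery; the canonical form is only the rate-limit and deduplication key.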