Security

Security & Responsible Disclosure

Reporting a concern

To report a security issue, suspected abuse, or a phishing-simulation email you believe was misdirected, contact abuse@infimasec.com. Please include the relevant message headers and timestamps so we can trace it quickly. This mailbox is monitored.

Authorized simulation infrastructure

INFIMA operates authorized phishing-simulation testing on behalf of our customers, under written agreement. Email originating from or referencing phishsim.infimasec.com and our published simulation IP addresses is sanctioned security-awareness testing conducted for the organization whose users receive it — it is not unsolicited mail.

If you are a recipient or administrator with questions about a specific message, contact abuse@infimasec.com and we will help you confirm whether it relates to authorized testing.

Machine-readable contact

A machine-readable version of this information is published, per RFC 9116, at /.well-known/security.txt.

Responsible disclosure

If you believe you have found a vulnerability in an INFIMA product or service, we welcome your report at abuse@infimasec.com. We ask that you give us a reasonable opportunity to investigate and resolve the issue before disclosing it publicly, and that you avoid accessing or modifying data that isn’t yours while testing. We will not pursue action against researchers who report findings in good faith and in line with this guidance.