The following list highlights recent disclosures:
We regularly receive feedback on our use of SPF records.
Signify does not use a DNS SPF record for mail management. This is intentional, so please do not submit an issue about this.
An issue raised to Signify was that a version control ignore file on our site was leaking information.
While we do not consider this to be a vulnerability in itself, it did highlight a non standard practice and as a result we have altered our deployment process to remove these files before they could be deployed to any test or production environment.
Thank you to everyone for contributing to make our site(s) safe!