<html>I have found the vulnerability in hagander.net and It was my moral obligation to report it to them.
<div class="noTransl">----- Reply to message -----<br />
<b>Subject: </b>Re: Vulnerability Report (DMARC RECORD)<br />
<b>Date: </b>Fri, 16 Apr 2021, 13:11<br />
<b>From: </b> Magnus Hagander <a href="mailto:magnus(at)hagander(dot)net"><magnus(at)hagander(dot)net></a><br />
<b>To: </b> <a href="mailto:arslan(dot)whitehat(at)inbox(dot)eu"><arslan(dot)whitehat(at)inbox(dot)eu></a></div>
<blockquote>On Fri, Apr 16, 2021 at 12:05 PM <arslan(dot)whitehat(at)inbox(dot)eu> wrote:<br />
><br />
> Hello Team,<br />
> I am a security researcher and I founded this vulnerability in your website.<br />
<br />
First of all, this is not a vulnerability.<br />
Second, this is not about a website, it's about email.<br />
<br />
<br />
<br />
> Hoping for the bounty for my ethical Disclosure.<br />
<br />
Please note that<br />
<br />
1. The PostgreSQL open source project does not have a bug bounty<br />
program. Individual vendors may, but not the open source project.<br />
<br />
2. You announced your "discovery" publicly, that's not the normal way<br />
to get a bounty from *any* source. But luckily, it wasn't actually a<br />
vulnerability.<br />
<br />
<br />
//Magnus</blockquote>
</html>