Currently, there is no monetary bounty for any reported bug.
Please do not report that we are missing DMARC records. We are already employing SPF-records to prevent email spoofing, which we consider sufficent.