Emails from Bitwarden
Like using strong passwords, avoiding suspicious emails is an important tool in your online security toolkit. We recommend familiarizing yourself with these FTC Guidelines for spotting and avoiding phishing.
Here are some guidelines to help you determine whether an email that looks like it's from Bitwarden is legitimate:
Emails such as new device alerts, invitations to join an organization, request access to Secrets Manager, and two-step login codes will come from no-reply@bitwarden.com
or, if you are self-hosting, a configured domain like no-reply@my.domain.com
.
note
Email verification requests, which as of 2024.9.2 are sent to cloud users during the account creation, are also issued from no-reply@bitwarden.com
:
These emails will never contain attachments. If you are prompted to download a file, please report the email to us.
Some of these emails, such as organization invites, will contain buttons. Always check the validity of the hyperlink before clicking on it by confirming that it leads to https://vault.bitwarden.com
or your organization's self-hosted domain. If you don't know your organization's domain, ask a member of your IT team or an administrator.
Automated payments emails for individual premium and paid organizations subscriptions will come from an invoice+statements@bitwarden.com
address.
These emails will contain attachments, specifically PDF invoices and receipts.
While you will receive automated emails as part of everyday use of Bitwarden, you might also receive emails from the following addresses if you have interacted with various parts of the Bitwarden ecosystem:
Support requests will be received from
support@bitwarden.com
.Product announcements will be received from
productupdates@bitwarden.com
.Trial information will be received from
trial@bitwarden.com
.Marketing campaigns will be received from
marketing@bitwarden.com
andcare@bitwarden.com
.Emails from members of the Bitwarden team will be received from
@bitwarden.com
email addresses.
Bitwarden will send an email alert for suspicious activities such as logging in from an unknown device, and failed login attempts from an unknown device.
These emails will never contain attachments. If you are prompted to download a file or click an unknown link, please contact us.
If your account successfully logs in from an unknown device, you will receive an email containing information about the login.
The email will contain:
Date
IP Adress
Device type
If you do not recognize this login, see here and take immediate steps to protect your account.
When a request to an organization administrator to add a trusted device is approved, the requesting user is sent an email informing them they can continue logging in on that device. The user must take action by logging in to the new device within 12 hours, or the approval will expire.
The email will contain:
Date
IP address
Device type
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support