diff --git a/app/controllers/mail_handler_controller.rb b/app/controllers/mail_handler_controller.rb
index 649714bcc..20bbd7090 100644
--- a/app/controllers/mail_handler_controller.rb
+++ b/app/controllers/mail_handler_controller.rb
@@ -28,7 +28,29 @@ class MailHandlerController < ActionController::Base
 # Submits an incoming email to MailHandler
 def index
- options = params.dup
+ options = params.permit(
+ :key,
+ :email,
+ :allow_override,
+ :unknown_user,
+ :default_group,
+ :no_account_notice,
+ :no_notification,
+ :no_permission_check,
+ :project_from_subaddress,
+ {
+ issue: [
+ :project,
+ :status,
+ :tracker,
+ :category,
+ :priority,
+ :assigned_to,
+ :fixed_version,
+ :is_private
+ ]
+ }
+ ).to_h
 email = options.delete(:email)
 if MailHandler.safe_receive(email, options)
 head :created
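Review bot: `:key` is on the permit list, so it remains in `options` and is passed to `MailHandler.safe_receive` with the processing flags; only `:email` is removed before the call. If `:key` is the shared secret checked by a filter outside this hunk (not visible here, so this is inferred), the handler has no need for it, and any logging or persisting of its options would expose the credential. Consider dropping `:key,` from the list or adding `options.delete(:key)` next to the `:email` removal. The list would also benefit from a comment such as `# no_permission_check, unknown_user and default_group relax authorization; they are accepted only because the request is authenticated by the handler key`. The body of `index` continues past the end of the hunk.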