Email header injection is a type of injection vulnerability. It can occur when a server generates SMTP requests based on user input. It is also known as SMTP injection.
The main danger of email header injection is that an attacker will use the server to send emails to unintended recipients, usually for phishing or spamming purposes.
Email header injection isn’t usually directly harmful to the server it’s performed on. However, it can severely damage the reputation of the organization whose servers are compromised. Having your domain used to send spam is a bad look!
Email header injection usually relies on special characters that trick the code assembling the SMTP message. Line-break sequences are the most common, because a line break inserted into a field such as a return address ends that header and lets extra header fields be embedded after it.
There are several ways to prevent email header injection. The best is simply not to build email headers from user input. If that can't be avoided, a combination of input sanitization and firewalls helps: input sanitization stops injection attempts from working, while firewalls limit the damage if an attempt succeeds.