Preventive Measure
- Use input validation techniques such as whitelisting to filter input.
- Newline characters are not allowed or rejected.
- There are many email libraries that can be used to automatically defend against this type of attack.
- Never trust user input. So test all possible inputs.
SMTP Injection
SMTP stands for Simple Mail Transfer Protocol. It is an application layer protocol that handles the sending, receiving, and forwarding of emails on the server. A client that wants to send an email first opens a TCP connection to the SMTP server and sends an email over that connection.
Contact Us