Injection Attacks | Medium Severity

Email Header Injection Scanner

Detects email header injection for spam and phishing attacks.

What is Email Header Injection?

Email Header Injection occurs when user input is incorporated into email headers without proper sanitization. Attackers inject newline characters (CRLF) to add arbitrary headers or control email content, enabling spam distribution, phishing, and bypassing email security controls through legitimate mail servers.

Why is This Important?

Email injection turns your application into a spam relay or phishing platform, damaging your reputation and potentially getting your mail servers blacklisted. Attackers can send emails that appear to come from your domain and that pass SPF checks (and DKIM checks, where your servers sign outbound mail), because the messages genuinely originate from your infrastructure.

How It Works

1. Input Discovery

Maps all user input points including forms, headers, cookies, and API parameters for injection testing.

2. Injection Testing

Executes sophisticated injection payloads designed to bypass filters and WAFs while detecting vulnerabilities.

3. Exploitation Validation

Confirms vulnerabilities through safe exploitation, providing proof-of-concept and impact assessment.

Key Capabilities

Advanced injection detection engine combining signature-based and AI-powered analysis for comprehensive coverage.

  • Multi-vector injection testing across all input types
  • WAF and filter bypass techniques built-in
  • Database-specific payload optimization
  • Out-of-band detection for blind vulnerabilities
  • Automated proof-of-concept generation

Frequently Asked Questions

How does email header injection work?

Email headers are separated by CRLF (a carriage return followed by a line feed, \r\n), and a blank line ends the header block. Attackers inject these characters into fields such as 'From', 'Subject' or 'To' to add new headers (for example Cc or Bcc to reach spam recipients) or to end the headers early and supply their own body content. A single newline in user input can compromise the entire email.

What can attackers do with email injection?

Attackers can: add recipients (Bcc for spam), modify From/Reply-To for phishing, inject malicious content or links, bypass email security by sending through legitimate servers, add attachments through MIME manipulation, and damage sender reputation.

Where does email injection commonly occur?

Common locations include: contact forms, password reset functions, invitation systems, notification preferences, 'email this page' features, and any form that lets users specify email addresses or content that ends up in headers.

How do I prevent email header injection?

Reject (or at minimum strip) carriage return and line feed characters (\r and \n) in any user input that will be placed in a header; rejecting is preferable because a newline is never legitimate in a form field and silently stripping it can hide an attack from your logs. Use email libraries that validate or encode headers automatically, validate email addresses strictly, put user-provided free text only in the body (never in headers), and rate-limit email-sending functions.
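The following is an added example, not code from the scanner page or the product it describes. It shows the header construction flaw described above (a user-controlled Subject concatenated into a raw header block), the hardened builder that rejects CR/LF and uses Python's EmailMessage header API, and a canary-header probe of the kind the scanner's injection-testing and validation steps imply. The contact-form addresses, the sample submissions and the address regex are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Constructed sample form submissions (assumed, not captured traffic).
HONEST_SUBJECT = "Question about my order"
# Attacker-supplied subject: CRLF ends the Subject line and starts new headers,
# then a blank line ends the header block so the attacker also controls the body.
ATTACKER_SUBJECT = (
    "Hello\r\n"
    "Bcc: victim1@example.net, victim2@example.net\r\n"
    "X-Canary: injected\r\n"
    "\r\n"
    "Your account is locked, log in at http://phish.example/"
)

CRLF = re.compile(r"[\r\n]")
# Deliberately strict shape for a form field (assumed policy; narrower than RFC 5322).
ADDRESS = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")


def build_vulnerable(reply_to: str, subject: str, body: str) -> str:
    """Header block built by string concatenation, as in many hand-rolled mailers.
    Whatever the user typed, CR/LF included, lands verbatim in the headers."""
    return (
        "From: contact-form@example.com\r\n"
        "To: support@example.com\r\n"
        f"Reply-To: {reply_to}\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        f"{body}\r\n"
    )


def build_safe(reply_to: str, subject: str, body: str) -> EmailMessage:
    """Reject rather than strip: a CR or LF in a header field is never legitimate
    form input, and silently stripping it can hide an attack from your logs."""
    for field in (reply_to, subject):
        if CRLF.search(field):
            raise ValueError("CR/LF not permitted in header fields")
    if not ADDRESS.match(reply_to):
        raise ValueError("invalid email address")
    msg = EmailMessage()                      # header API instead of raw strings
    msg["From"] = "contact-form@example.com"  # fixed sender, never user-controlled
    msg["To"] = "support@example.com"         # fixed destination
    msg["Reply-To"] = reply_to
    msg["Subject"] = subject
    msg.set_content(body)                     # free text goes only in the body
    return msg


def parsed_headers(raw: str) -> dict:
    """Parse a raw message the way a receiving MTA would and return its headers."""
    return dict(message_from_string(raw).items())


def parsed_body(raw: str) -> str:
    """Body as the receiving side would see it (after the first blank line)."""
    return message_from_string(raw).get_payload()


def is_rejected(reply_to: str, subject: str, body: str = "x") -> bool:
    try:
        build_safe(reply_to, subject, body)
    except ValueError:
        return True
    return False


def probe(builder, canary: str = "X-Canary") -> bool:
    """Scanner-style check (assumed approach): submit a payload carrying a canary
    header and report injection if the built message actually contains it."""
    payload = f"probe\r\n{canary}: injected"
    try:
        out = builder("prober@example.com", payload, "probe body")
    except ValueError:
        return False
    raw = out if isinstance(out, str) else out.as_string()
    return canary in parsed_headers(raw)


if __name__ == "__main__":
    raw = build_vulnerable("user@example.com", ATTACKER_SUBJECT, "hi there")
    print("injected headers:", sorted(parsed_headers(raw)))
    print("vulnerable builder injectable:", probe(build_vulnerable))
    print("safe builder injectable:", probe(build_safe))
```

The probe sends a harmless marker header rather than a real Bcc, which is the "safe exploitation" pattern: it proves the header block is writable without relaying mail to third parties. In a live test the builder would be the target form and the check would run against the mailbox that receives the message.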
