Injection Attacks: The Complete 2020 Guide

SMTP Header Injections - Defenses

Use components/libraries that provide protection

Escape user-supplied input

Escape any attempt to insert newlines or carriage returns (i.e., \n or \r\n).

You can escape with:

  • Regex
  • Libraries / components
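
An added example (not from the original guide) showing both options above in Python: a regex check for CR/LF, and the standard library's `email.message.EmailMessage`, which raises `ValueError` when a header value spans more than one line. The function names and sample addresses are assumptions made for illustration, and this version rejects a bad value instead of rewriting it.

```python
import re
from email.message import EmailMessage

# CR or LF anywhere in a header value would let the value start a new header line.
LINE_BREAK = re.compile(r"[\r\n]")


def is_safe_header_value(value: str) -> bool:
    """Regex check: True only if the value contains no CR or LF."""
    return LINE_BREAK.search(value) is None


def library_rejects(value: str) -> bool:
    """Library check: EmailMessage refuses to store a multi-line header value."""
    msg = EmailMessage()
    try:
        msg["Subject"] = value
    except ValueError:
        return True
    return False


def build_message(sender: str, recipient: str, subject: str, body: str) -> EmailMessage:
    """Build a contact-form mail, validating every user-supplied header field."""
    for field, value in (("From", sender), ("To", recipient), ("Subject", subject)):
        if not is_safe_header_value(value):
            raise ValueError(f"line break in {field} header value")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)  # the body may legitimately contain newlines
    return msg


if __name__ == "__main__":
    # Constructed sample inputs (hypothetical addresses).
    ok = build_message("form@example.com", "support@example.com",
                       "Hello", "Line 1\nLine 2")
    print(ok["Subject"])
    tampered = "Hello\r\nX-Injected: 1"
    print(is_safe_header_value(tampered), library_rejects(tampered))
```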

Firewall Rules

You can use:

  • Open source firewalls
  • Cloud-vendor specific ones
  • Third-party WAFs

Firewall rules can inspect POST and GET requests and reject those that contain newline or carriage return characters.

Defenses against SMTP Header injections

By Christophe Limpalair
