SMTP Header Injections - Defenses
Use components/libraries that provide protection
Escape user-supplied input
Escape any attempts to insert newlines or carriage returns (ie: \n or \r\n)
You can escape with:
- Regex
- Libraries / components
Firewall Rules
You can use:
- Open source firewalls
- Cloud-vendor specific ones
- 3rd party WAFs
Firewalls can look for, and reject, requests that contain newlines or carriage return characters in POST or GET requests.