Email Header Injection

Manipulating email-sending forms to add malicious headers, send spam, or redirect messages.

What it is

Email Header Injection happens when an email-sending form puts user input into message headers without checking it, so an attacker can insert additional headers through the form fields.

Why it matters

It can be used to send spam, fake emails, or redirect messages without being noticed.

How to reduce risk

  • Properly clean all email form inputs
  • Block special characters in email fields
  • Monitor for unusual email-sending patterns
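
One way to apply the first two measures above, as an added example that is not part of the original glossary entry: every form field that ends up in a header is rejected if it contains a control character (carriage return and line feed included), and the recipient is fixed in code. The addresses, the 200-character limit, the address pattern and the function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Any ASCII control character (CR and LF included) can end a header line early.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately conservative address shape; an assumption, not a full RFC 5322 parser.
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

FIXED_RECIPIENT = "support@example.test"  # hypothetical; never taken from the form


def check_header_value(field, value):
    """Return value unchanged, or raise ValueError if it could break a header."""
    if _CONTROL_CHARS.search(value):
        raise ValueError(f"{field}: control characters are not allowed")
    if len(value) > 200:  # assumed limit for this example
        raise ValueError(f"{field}: too long")
    return value


def build_contact_message(name, reply_to, subject, body):
    """Build a message from form fields; only the body may contain newlines."""
    name = check_header_value("name", name)
    subject = check_header_value("subject", subject)
    reply_to = check_header_value("reply_to", reply_to)
    if not _ADDRESS.fullmatch(reply_to):
        raise ValueError("reply_to: not a plain email address")
    msg = EmailMessage()
    msg["From"] = "webform@example.test"  # hypothetical fixed sender
    msg["To"] = FIXED_RECIPIENT
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"Contact form: {subject} (from {name})"
    msg.set_content(body)  # body text is not a header, so newlines are fine here
    return msg


def is_accepted(name, reply_to, subject, body="hello"):
    """True if the fields pass validation, False if they are rejected."""
    try:
        build_contact_message(name, reply_to, subject, body)
        return True
    except ValueError:
        return False
```

The explicit check matters even though `EmailMessage` refuses multi-line header values itself, because a value that merely ends in a single newline passes the library's own test.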

External resources

  • https://owasp.org/www-community/attacks/Email_Header_Injection
  • https://portswigger.net/web-security/email-injection