Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection. Like SQL injection attacks, this vulnerability is one of a general class of vulnerabilities that occur when one programming language is embedded within another.
Counter Measures
• Do not provide open relays
• Open the smtp port only if essential
• Use a ‘tarpits’ technique to slow requests as a means of dissuading attacks