Sending emails is security-sensitive. For example, it has led in the past to the following vulnerabilities:

Emails can create multiple vulnerabilities:

Information exposure

Emails often contain sensitive information which might be exposed to an attacker.

Injecting dangerous content

Emails can contain HTML and JavaScript code, so they can be used as a vector for XSS attacks.

Email Header Injection

This is one of the most common attacks.

Email fields such as Subject, To, Cc, Bcc and From are set in email "headers". Those headers are separated by CR ("carriage return", often written \r) or LF ("line feed", often written \n) characters.

If unsanitized input is used to set a header field, the message becomes vulnerable to Email Header Injection attacks. An attacker can then add fields to the header or even modify the message.

For example, providing the following value to the From field

me@example.com\nCc:injectedrecipient@otherexample.com\nBcc:yetanother@myexample.com,andagain@thisisdangerous.net

would inject two additional header fields (Cc and Bcc):

FROM: me@example.com
CC: injectedrecipient@otherexample.com
BCC: yetanother@myexample.com,andagain@thisisdangerous.net

This rule raises an issue when an API sending emails is called.

Ask Yourself Whether

You are at risk if you answered yes to any of these questions.

Recommended Secure Coding Practices

Sensitive Code Example

import javax.mail.*;
import javax.mail.internet.MimeMessage;

public class Main {
    public static void sendEmail(Session session, String subject) throws MessagingException {
        Message message = new MimeMessage(session);  // Sensitive

        // For example, the setSubject method is vulnerable to header injection before
        // version 1.5.6 of JavaMail
        message.setSubject(subject);
        // ...
    }
}
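A hardened counterpart to the sensitive example above, added here as an illustration (it is not the rule's own code): every value destined for a header is checked for CR and LF before it reaches the JavaMail API, and addresses are parsed in strict mode. The `SafeMailer` class, the `requireSingleLine` helper and the sample values are assumptions for this example; the injected From value is the one shown earlier on this page.

```java
import javax.mail.*;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import java.util.Properties;

public class SafeMailer {
    // Header injection relies on CR/LF to start a new header line, so a single
    // check on every header value closes the vector regardless of JavaMail version.
    static String requireSingleLine(String fieldName, String value) {
        if (value == null || value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException(
                "Header field '" + fieldName + "' must be a single line without CR/LF");
        }
        return value;
    }

    public static Message buildMessage(Session session, String from, String to,
                                       String subject) throws MessagingException {
        Message message = new MimeMessage(session);
        // InternetAddress(String, true) parses strictly and rejects malformed addresses,
        // including the injected multi-address list below.
        message.setFrom(new InternetAddress(requireSingleLine("From", from), true));
        message.setRecipient(Message.RecipientType.TO,
                             new InternetAddress(requireSingleLine("To", to), true));
        message.setSubject(requireSingleLine("Subject", subject));
        return message;
    }

    public static void main(String[] args) throws MessagingException {
        Session session = Session.getInstance(new Properties());
        // Constructed sample input: the From value from the page's header injection example
        String injectedFrom = "me@example.com\nCc:injectedrecipient@otherexample.com"
            + "\nBcc:yetanother@myexample.com,andagain@thisisdangerous.net";
        try {
            buildMessage(session, injectedFrom, "user@example.com", "Hello");
            System.out.println("Unexpected: injected header was accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
        // A well-formed message still builds normally
        Message ok = buildMessage(session, "me@example.com", "user@example.com", "Hello");
        System.out.println("Built message with subject: " + ok.getSubject());
    }
}
```

Because the check runs before any JavaMail call, it protects callers on JavaMail releases older than 1.5.6 as well as newer ones.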

See