E-mail injection is a security vulnerability that allows malicious users to send e-mail messages through someone else's server without authorization. These messages are usually spam and may cause problems for the owner of the server the spammer used.
To prevent your server (or your hosting account) from being used for spam without your knowledge, you must make sure your forms are not vulnerable to mail injection.
On this site we discuss e-mail injection through PHP's mail() function. When a form uses PHP's mail() as its mailer, some details must be checked.
Spammers may exploit the MIME format to add data to the message being sent. This data may be a new recipient list, a new message, or anything else the malicious user wants.
If a malicious user can exploit your script, the spam will be sent from your server's IP address, even if the spammer spoofs the sender's e-mail address. So whether you have your own server or just a simple shared hosting account, e-mail injection may affect you.
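One way to check form fields before they reach mail(), shown as an added example that is not part of the original page: any field destined for a header is rejected if it contains a line break, since a line break is what lets extra MIME headers be appended. The helper names, the example.com addresses and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

/** Return true if the value contains CR, LF or NUL, which would end the header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Validate contact-form fields and return [subject, headers] ready for mail().
 * Throws InvalidArgumentException on input that must not reach a header.
 */
function build_safe_mail_parts(string $name, string $email, string $subject): array
{
    foreach (['name' => $name, 'email' => $email, 'subject' => $subject] as $field => $value) {
        if (has_header_break($value)) {
            throw new InvalidArgumentException("Line break in $field field");
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    // Strip characters that would break out of the quoted display name.
    $safeName = str_replace(['"', '\\'], '', $name);
    // The visitor's address goes in Reply-To; From stays a fixed site address.
    $headers = [
        'From: Contact form <noreply@example.com>',   // assumed site address
        'Reply-To: "' . $safeName . '" <' . $email . '>',
        'Content-Type: text/plain; charset=UTF-8',
    ];
    return [$subject, implode("\r\n", $headers)];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$samples = [
    ['Alice', 'alice@example.com', 'Question about my order'],
    ['Alice', "alice@example.com\r\nX-Extra: injected", 'Question about my order'],
];
foreach ($samples as [$name, $email, $subject]) {
    try {
        [$subj, $headers] = build_safe_mail_parts($name, $email, $subject);
        // mail('owner@example.com', $subj, $messageBody, $headers);  // recipient is fixed, never taken from the form
        echo "accepted\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The message body is passed to mail() as its own argument and never concatenated into the header string, so it needs no line-break check.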