SKILL: Email Header Injection — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert email header injection and authentication bypass. Covers SMTP CRLF injection, SPF/DKIM/DMARC circumvention, display name spoofing, and mail client rendering abuse. Base models miss the nuance between header injection (technical) and email auth bypass (protocol-level) — this skill covers both attack surfaces.
0. RELATED ROUTING
- crlf-injection — general CRLF injection; email headers are a specific high-value sink
- ssrf-server-side-request-forgery — when the SMTP server is reachable via SSRF (gopher://smtp)
- open-redirect — redirect in password-reset emails as phishing amplification
1. SMTP HEADER INJECTION FUNDAMENTALS
Email headers are separated by CRLF (\r\n). If user input is placed into a header value without sanitization, an injected %0d%0a (the URL-encoded form of \r\n) terminates that header, so whatever follows is parsed as a new, arbitrary header.
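Added illustration, not part of the original skill: a naive header builder that concatenates user input, a parser that shows the injected line becoming a second header, the reject-on-CR/LF check that closes the hole, and a one-line detector for form values carrying an encoded line break. Function names and the sample input are constructed for this example.

```python
import re
from urllib.parse import unquote

CRLF = "\r\n"
# Any CR, LF or NUL inside a header value can start a new header; reject them outright.
CTRL_CHARS = re.compile(r"[\r\n\x00]")


def build_headers_unsafe(to, subject):
    """Naive concatenation: whatever is in `to` or `subject` lands in the header block as-is."""
    return f"To: {to}{CRLF}Subject: {subject}{CRLF}"


def parse_headers(raw):
    """Split a raw header block on CRLF; every non-empty line is one (name, value) header."""
    headers = []
    for line in raw.split(CRLF):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def is_safe_header_value(value):
    """True when the value contains no control character that could split a header."""
    return CTRL_CHARS.search(value) is None


def build_headers_safe(to, subject):
    """Rejects (rather than strips) tainted values, so no injected header can ever form."""
    for value in (to, subject):
        if not is_safe_header_value(value):
            raise ValueError("control character in header value")
    return build_headers_unsafe(to, subject)


def looks_like_header_injection(form_value):
    """Detection: URL-decode once, then look for a line break followed by a header-like token."""
    decoded = unquote(form_value)
    return re.search(r"[\r\n]\s*[A-Za-z-]+\s*:", decoded) is not None


# Constructed sample input: a 'To' field carrying %0d%0a and a second header after it.
TAINTED_TO = unquote("victim@example.com%0d%0aBcc:%20other@example.net")

if __name__ == "__main__":
    print(parse_headers(build_headers_unsafe(TAINTED_TO, "hi")))  # three headers, not two
    print(is_safe_header_value(TAINTED_TO))  # False
```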
Injection anatomy
Related skills