All incoming and outgoing emails must be checked with an anti-spam filter.
CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads. This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation