TL;DR: CRLF in From/To/Subject fields → arbitrary headers and recipients on the outbound mail; spam pivot and address-book exfil.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

• https://owasp.org/www-community/vulnerabilities/CRLF_Injection