Mail Command Injection is an attack technique used to exploit mail servers and webmail applications that construct IMAP/SMTP statements from user-supplied input that has not been properly sanitized. An IMAP/SMTP Mail Command Injection makes it possible to access a mail server that the attacker previously had no access to.
In some cases, these internal mail systems do not have the same level of infrastructure security hardening applied to them as most front-end web servers. Hence, attackers may find that the mail server yields better results in terms of exploitation. Mail Command Injection also allows attackers to evade restrictions that typically exist at the application level, such as CAPTCHA or a maximum number of requests.
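The root cause described above, building an IMAP statement from unsanitized input, is shown here beside a hardened form as an added example (not code from the original page). The function names, the `A1` tag and the sample mailbox value are assumptions made for illustration, and the hardened version assumes ASCII mailbox names.

```python
import re

# Characters that terminate or restructure an IMAP/SMTP command line.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class UnsafeMailParameter(ValueError):
    """Raised when user input could alter the structure of a mail command."""


def imap_quote(value: str) -> str:
    """Return value as an IMAP quoted string, refusing line breaks and NUL."""
    if _FORBIDDEN.search(value):
        raise UnsafeMailParameter("CR, LF or NUL in parameter")
    if not value.isascii():
        # Assumption: non-ASCII names are encoded by the caller beforehand.
        raise UnsafeMailParameter("non-ASCII needs explicit encoding first")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def select_unsafe(tag: str, mailbox: str) -> bytes:
    """The flawed pattern: user input concatenated straight into the command."""
    return f"{tag} SELECT {mailbox}\r\n".encode("ascii")


def select_safe(tag: str, mailbox: str) -> bytes:
    """Same command, with the parameter validated and sent as a quoted string."""
    return f"{tag} SELECT {imap_quote(mailbox)}\r\n".encode("ascii")


def command_count(wire: bytes) -> int:
    """Number of CRLF-terminated command lines the server would read."""
    return wire.count(b"\r\n")


# Constructed sample input: a mailbox name carrying a line break and a harmless NOOP.
SAMPLE = "INBOX\r\nA2 NOOP"

if __name__ == "__main__":
    print("unsafe builder emits", command_count(select_unsafe("A1", SAMPLE)), "commands")
    try:
        select_safe("A1", SAMPLE)
    except UnsafeMailParameter as exc:
        print("safe builder rejected input:", exc)
    print(select_safe("A1", 'Sent "2024"'))
```

The same check (reject CR, LF and NUL, then quote or encode for the target protocol) applies to every user-controlled value that reaches an SMTP command such as `MAIL FROM` or `RCPT TO`.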
Watch this webinar hosted by Threat Research Experts that discusses best practices on secure coding, and how to avoid mail command injection attacks.