SMTP Injection SendEmailCommand #5802
Answered
by
iann0036
nicosuerohynds
asked this question in
Q&A
-
|
Hello. I would like to know if the input parameters in SendEmailCommand are sanitized or require us to sanitize to avoid SMTP Injection. Thanks |
Beta Was this translation helpful? Give feedback.
Answered by
iann0036
Feb 17, 2024
Replies: 2 comments
-
|
SES performs server-side validation of customer input on the SendEmail API, but only for validity - i.e. the source field, in addition to being well-formatted, must also be a verified identity. The SES team recommend customers apply best-practices and sanitise any external input themselves before passing it to any downstream system including SES. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
nicosuerohynds
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SES performs server-side validation of customer input on the SendEmail API, but only for validity - i.e. the source field, in addition to being well-formatted, must also be a verified identity.
The SES team recommend customers apply best-practices and sanitise any external input themselves before passing it to any downstream system including SES.