Email Injection attacks

please don't bump your message just because you didn't get a reply.
if someone was interested or had an answer, i'm sure they would have
answered by now.

that being said, i assume by validate_request you mean the plugin.
after looking at the readme/usage it appears to only support:

1) validating type of request
2) validating a parameter as either an integer or string
3) validating a string parameter against a specific string
4) validating a parameter against a model

in other words, i don't see how you could stop email injection based
on that functionality.

now, that's not to say you couldn't do those checks in your code
yourself, where necessary. no plugin is necessary.

check if request is a post/get
check form fields against email injection (ie, match header fields
against one or more regular expressions)

point is, you're going to have to do the same thing regardless of the language.

now, most of the email injection info i've seen has to do with how the
php mail() function constructs the mail message itself. ActionMailer
may not be prone to this type of attack if it functions differently.
Not it say it is or is not, because I don't know.

Chris