diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php
index 430047e0..a7e94dc8 100644
--- a/data/web/inc/functions.quarantine.inc.php
+++ b/data/web/inc/functions.quarantine.inc.php
@@ -298,7 +298,9 @@ function quarantine($_action, $_data = null) {
 $max_size = $_data['max_size'];
 $max_age = intval($_data['max_age']);
 $subject = $_data['subject'];
- $sender = $_data['sender'];
+ if (!filter_var($_data['sender'], FILTER_VALIDATE_EMAIL)) {
+ $sender = '';
+ }
 $html = $_data['html_tmpl'];
 if ($max_age <= 0) {
 $max_age = 365;
diff --git a/data/web/inc/functions.quota_notification.inc.php b/data/web/inc/functions.quota_notification.inc.php
index 61d101dc..7778594f 100644
--- a/data/web/inc/functions.quota_notification.inc.php
+++ b/data/web/inc/functions.quota_notification.inc.php
@@ -21,7 +21,10 @@ function quota_notification($_action, $_data = null) {
 $release_format = 'raw';
 }
 $subject = $_data['subject'];
- $sender = $_data['sender'];
+ $sender = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $_data['sender']);
+ if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
+ $sender = '';
+ }
 $html = $_data['html_tmpl'];
 try {
 $redis->Set('QW_SENDER', $sender);
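Review bot: `$sender` is never assigned when the address is valid: the added `if` only sets `$sender = ''` on failure, and the old `$sender = $_data['sender'];` line is removed, so unless the variable is set earlier outside this hunk a valid sender is lost and `$sender` is undefined in the code that follows. Assign the validated value in both cases, e.g. `$sender = filter_var($_data['sender'], FILTER_VALIDATE_EMAIL) ?: '';`. The quota_notification hunk in this commit already assigns before it validates, so the two functions would then agree. quarantine()'s body starts and ends outside the hunk.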
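Review bot: Stripping bytes in the `preg_replace` line before validating means input that `FILTER_VALIDATE_EMAIL` would reject can pass as a different address: once control and high bytes are removed, a sender containing a line break or a non-ASCII character is rewritten into whatever remains and that value is what gets stored in `QW_SENDER`. Validating the submitted value unchanged and rejecting on failure is more predictable, e.g. `$sender = filter_var($_data['sender'], FILTER_VALIDATE_EMAIL) ?: '';`. If the stripping is kept, a comment such as `// drop control and non-ASCII bytes so they never reach the stored sender` would record the intent. An invalid sender is also blanked without any error visible in this hunk; how an empty `QW_SENDER` is handled later is outside the lines shown.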