The Database Hackers Handbook: Defending Database Servers

SQL Server's e-mail stored procedures can give an attacker a means to submit queries and receive the results from an anonymous account. This affects the audit trail and could prevent the activity from being traced.

xp_deletemail: Deletes an e-mail from SQL Server's inbox.

xp_findnextmsg: Receives a message ID and returns the message ID of the next mail in SQL Server's inbox.

xp_readmail: Used to either view the inbox or a specific mail.

xp_sendmail: Sends an e-mail, together with an optional resultset.

xp_startmail: Used to start a SQL Mail client session.

xp_stopmail: Used to end a SQL Mail client session.
