diff --git a/modules/email/mail-log-analyzer.sh b/modules/email/mail-log-analyzer.sh
index 50adb3e..ee936cd 100755
--- a/modules/email/mail-log-analyzer.sh
+++ b/modules/email/mail-log-analyzer.sh
@@ -157,7 +157,7 @@ detect_spam_accounts() {
 
     # Also count by email address
     grep "<=" -- "$log_file" 2>/dev/null | \
-        grep -oE '\<[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\>' | \
+        grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | \
         sort | uniq -c | sort -rn | head -50 >> "$temp_file"
 
     # Cap ANALYSIS_HOURS to prevent threshold overflow (max 1 year = 8760 hours)
@@ -743,8 +743,9 @@ calculate_domain_success_rates() {
     if [ -f "$TEMP_DIR/domains_delivered.$$" ] && [ -f "$TEMP_DIR/domains_bounced.$$" ]; then
         # Get unique domains from both files
         sort "$TEMP_DIR/domains_delivered.$$" "$TEMP_DIR/domains_bounced.$$" | uniq | while read -r domain; do
-            local delivered=$(grep -c "^$domain$" "$TEMP_DIR/domains_delivered.$$" 2>/dev/null || echo "0")
-            local bounced=$(grep -c "^$domain$" "$TEMP_DIR/domains_bounced.$$" 2>/dev/null || echo "0")
+            # Use grep -F for literal matching to prevent regex injection from special domain characters
+            local delivered=$(grep -cF "$domain" "$TEMP_DIR/domains_delivered.$$" 2>/dev/null || echo "0")
+            local bounced=$(grep -cF "$domain" "$TEMP_DIR/domains_bounced.$$" 2>/dev/null || echo "0")
             local total=$((delivered + bounced))
 
             if [ "$total" -gt 0 ]; then