diff --git a/ql/src/Security/CWE-640/EmailInjection.qll b/ql/src/Security/CWE-640/EmailInjection.qll
index 4cf8b382c98..726836ed922 100644
--- a/ql/src/Security/CWE-640/EmailInjection.qll
+++ b/ql/src/Security/CWE-640/EmailInjection.qll
@@ -24,6 +24,19 @@ module EmailInjection {
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
+ override predicate isSanitizerOut(DataFlow::Node node) {
+ exists(DataFlow::CallNode call |
+ call.getTarget().hasQualifiedName("hash.Hash", "Write") and
+ (
+ call.getReceiver().getType().getName() = "Hash" or
+ call.getReceiver().getType().getName() = "Hash32" or
+ call.getReceiver().getType().getName() = "Hash64"
+ )
+ |
+ node = call.getArgument(0)
+ )
+ }
+
 override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 }
 }
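Review bot: The two-argument `hasQualifiedName("hash.Hash", "Write")` in the new `isSanitizerOut` appears to pass a type-qualified string where a package path is expected, so the condition may never hold and the sanitizer would silently match nothing. Nothing in this hunk tests it, so a library test with a `Write` call on a `hash.Hash` value should confirm both that the barrier fires and that unhashed flows are still reported. The receiver checks compare only the unqualified type name, which would accept any type called `Hash` if the target test is later loosened; assuming the Go library's `Type.hasQualifiedName` is usable here, `call.getReceiver().getType().hasQualifiedName("hash", ["Hash", "Hash32", "Hash64"])` pins the package and replaces the three-way `or`. The predicate also needs a QLDoc comment saying why a value written to a hash stops being an email-injection risk, presumably because only the digest reaches the message, e.g. `/** Blocks flow out of data passed to a hash.Hash writer; only the digest is used afterwards. */`. The enclosing configuration class starts outside the hunk, so I could not check how this interacts with any existing sanitizers.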