Better Together.

Sublime enables security teams and researchers to contribute rules, publicly or privately, to detect phishing attacks, threat hunt, and auto-triage user reported messages.

Community-contributed detection rules

Detection rules contributed to the public Sublime Rules Feed are available to all users. Submissions are vetted by the Sublime team.

I love sharing rules to give back to the community. I think the safer we all are, the harder it is for the bad guys, and that’s alright by me.”

Alfie Champion
Adversary Emulation Manager
FTSE 250 financial institution
Company name hidden due to contractural agreements.

Share publicly, privately, or peer-to-peer

Sublime Feeds are Git-backed, and subscriptions are kept automatically up to date.


Write and run custom rules. You control if, when, and how they’re shared.


Submit your rules to the public Sublime Rules Feed or share privately with anyone.


Your rules will block phishing attacks for Sublime users around the world.

You’re in good company

Detection rules have been contributed both publicly and privately by Global 2000 security teams and independent researchers.

Get Started. Today.

Deploy and integrate a free Sublime instance in minutes.

Managed Instance

Create account in minutes

For organizations of any size. First 100 mailboxes free.

Create Free Account
Deploy and self host

Docker for smaller orgs

Limited to 600 active mailboxes. View Docker Guide.

Copied to clipboard
curl -sL | sh
Eml analyzer

Rapid phishing investigation.

No setup or integration required.

Open EML Analyzer
Deploy and self host

AWS Cloud for enterprise

Scales to any number of mailboxes. View AWS Quickstart

Launch Stack
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a live demo

Learn how Sublime verifiably closes email attack surface.

Request Demo