• Sublime Core Feed
High Severity

Attachment: Cold outreach with invitation subject and not attachment

Description

Detects inbound messages with invitation-related subjects that request recipients to view attachments, contain no links, and are classified as B2B cold outreach with high confidence. Messages either have no attachments or contain a single image attachment.

Sublime Security
Created Apr 3rd, 2026 • Last updated Apr 3rd, 2026
Source
type.inbound
and strings.icontains(subject.subject, 'invit')
and length(body.links) == 0
// please find attached language
and regex.icontains(body.current_thread.text,
                    '(?:please|find|view).{0,50}attached'
)
// a single image attachment or there are 0 attachments
and (
  (
    length(attachments) == 1
    and all(attachments, .file_type in $file_types_images)
  )
  or length(attachments) == 0
)
and any(ml.nlu_classifier(body.current_thread.text).topics,
        .name == "B2B Cold Outreach" and .confidence == "high"
)
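
The rule's conditions replayed in Python over constructed sample messages, as an added example that is not part of the original page or Sublime's own code. The dict-shaped message, the `IMAGE_TYPES` stand-in for `$file_types_images`, and the pre-supplied NLU topics are assumptions; Python's `re` stands in for the rule engine's regex.

```python
import re

# Assumed stand-in for $file_types_images (the real list is maintained by Sublime).
IMAGE_TYPES = {"png", "jpg", "jpeg", "gif", "bmp"}
# Same pattern as the rule; IGNORECASE mirrors regex.icontains.
ATTACHED_RE = re.compile(r"(?:please|find|view).{0,50}attached", re.IGNORECASE)

def rule_matches(msg):
    """Evaluate the rule's conditions against a dict-shaped message (hypothetical schema)."""
    atts = msg["attachments"]
    return (
        msg["inbound"]
        and "invit" in msg["subject"].lower()
        and len(msg["links"]) == 0
        and ATTACHED_RE.search(msg["body"]) is not None
        # a single image attachment, or no attachments at all
        and ((len(atts) == 1 and all(a in IMAGE_TYPES for a in atts)) or len(atts) == 0)
        # NLU verdict is supplied as input; the classifier itself is not reproduced here
        and any(t == ("B2B Cold Outreach", "high") for t in msg["topics"])
    )

def make(**overrides):
    """Constructed baseline message that satisfies every condition."""
    base = {
        "inbound": True,
        "subject": "Invitation: partner summit",
        "body": "Hello, please find the invitation attached and reply to confirm.",
        "links": [],
        "attachments": [],
        "topics": [("B2B Cold Outreach", "high")],
    }
    return {**base, **overrides}

# Constructed samples: each one changes a single field of the baseline.
SAMPLES = {
    "no_attachment": make(),
    "single_image": make(attachments=["png"]),
    "two_images": make(attachments=["png", "jpg"]),
    "pdf_attached": make(attachments=["pdf"]),
    "has_link": make(links=["https://example.com/rsvp"]),
    "medium_confidence": make(topics=[("B2B Cold Outreach", "medium")]),
    "no_attached_phrase": make(body="You are invited to our summit. Reply to confirm."),
}

def evaluate_samples():
    return {name: rule_matches(m) for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:20} {'MATCH' if hit else 'no match'}")
```

Only the first two samples match: the body claims an attachment while the message carries none or just an image, and every other variant fails exactly one condition.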