- Sender analysis
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Sender analysis
Sender analysis helps you assess whether an email is coming from a legitimate sender. By combining machine learning and rules-based logic, this method evaluates sender profiles, looking at things like authentication results, past behavior, and patterns from previous messages.
Sender analysis can help you detect:
- Impersonation attempts using fake email addresses or domains
- Suspicious senders with authentication issues (e.g., SPF, DKIM, DMARC failures)
- Unusual behavior based on historical patterns, like frequent urgent requests
- Senders linked to known phishing or malware campaigns
- Changes in sender behavior that could indicate a compromised account
For example, an attacker might try to impersonate a trusted vendor or executive. The email address or domain might look real, but sender analysis can catch issues like failed authentication checks or past suspicious activity, helping you spot these threats before they do damage.
Blog Posts
Credential phishing Charles Schwab account holders with 2FA bypass · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Attack Types (7):
Tactics & Techniques (24):
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
Credential phishing: Generic document sharing | 3d ago Feb 14th, 2026 | Sublime Security | /feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c | |
Brand impersonation: Punchbowl | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-punchbowl-58937ba0 | |
Brand Impersonation: PayPal | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee | |
Russia return-path TLD (untrusted sender) | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/russia-return-path-tld-untrusted-sender-588b3954 | |
Brand impersonation: Amazon | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Credential phishing: Tax form impersonation with payment request | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/credential-phishing-tax-form-impersonation-with-payment-request-717695cf | |
Brand impersonation: USPS | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-usps-28b9130a | |
File sharing link from suspicious sender domain | 4d ago Feb 13th, 2026 | Sublime Security | /feeds/core/detection-rules/file-sharing-link-from-suspicious-sender-domain-95f20354 | |
Attachment: Self-sender PDF with minimal content and view prompt | 5d ago Feb 12th, 2026 | Sublime Security | /feeds/core/detection-rules/attachment-self-sender-pdf-with-minimal-content-and-view-prompt-07670a8c | |
Brand impersonation: Dropbox | 5d ago Feb 12th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12 | |
Open redirect: embluemail.com | 5d ago Feb 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-embluemailcom-48c5abd3 | |
Brand impersonation: TikTok | 5d ago Feb 12th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7 | |
Link: PDF filename impersonation with credential theft language | 5d ago Feb 12th, 2026 | Sublime Security | /feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513 | |
Callback Phishing via Zoom comment | 6d ago Feb 11th, 2026 | Sublime Security | /feeds/core/detection-rules/callback-phishing-via-zoom-comment-8ec30881 | |
PayPal invoice abuse | 6d ago Feb 11th, 2026 | Sublime Security | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 | |
Brand impersonation: Navan | 8d ago Feb 9th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-navan-3573e9a8 | |
Reconnaissance: Empty subject with mismatched reply-to from new sender | 11d ago Feb 6th, 2026 | Sublime Security | /feeds/core/detection-rules/reconnaissance-empty-subject-with-mismatched-reply-to-from-new-sender-12f4bd45 | |
Brand Impersonation: Disney | 11d ago Feb 6th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb | |
New link domain (<=10d) from untrusted sender | 11d ago Feb 6th, 2026 | Sublime Security | /feeds/core/detection-rules/new-link-domain-less10d-from-untrusted-sender-4805b0e6 | |
Service abuse: Apple TestFlight with suspicious developer reference | 11d ago Feb 6th, 2026 | Sublime Security | /feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0 |
Page 1 of 25