Detection Method: Sender analysis

Sender analysis helps you assess whether an email is coming from a legitimate sender. By combining machine learning and rules-based logic, this method evaluates sender profiles, looking at things like authentication results, past behavior, and patterns from previous messages.
Sender analysis can help you detect:
  • Impersonation attempts using fake email addresses or domains
  • Suspicious senders with authentication issues (e.g., SPF, DKIM, DMARC failures)
  • Unusual behavior based on historical patterns, like frequent urgent requests
  • Senders linked to known phishing or malware campaigns
  • Changes in sender behavior that could indicate a compromised account
For example, an attacker might try to impersonate a trusted vendor or executive. The email address or domain might look real, but sender analysis can catch issues like failed authentication checks or past suspicious activity, helping you spot these threats before they do damage.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Punchbowl
14h ago
Jul 15th, 2026
Sublime Security
Brand impersonation: Squarespace
18h ago
Jul 15th, 2026
Sublime Security
Service abuse: Calendly callback scam detection
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Internal Revenue Service
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: FedEx
2d ago
Jul 14th, 2026
Sublime Security
Link: Multistage landing - Abused Adobe Acrobat hosted PDF
2d ago
Jul 14th, 2026
Sublime Security
Link: Self-sender with IP geolocation check and suspicious link behavior
2d ago
Jul 14th, 2026
Sublime Security
Business Email Compromise (BEC) with request for mobile number
2d ago
Jul 14th, 2026
Sublime Security
Open redirect: Diesel.az
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Microsoft Forms Pro with suspicious links or QR codes
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: Government / Tax Authority document lure
2d ago
Jul 14th, 2026
Sublime Security
Service abuse: Notion free-tier account impersonating VIP
2d ago
Jul 14th, 2026
Sublime Security
Brand impersonation: GoDaddy
2d ago
Jul 14th, 2026
Sublime Security
VIP impersonation: VIP payment redirect handoff via fake threads
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Payment handoff with VIP display name authored fake threads
3d ago
Jul 13th, 2026
Sublime Security
Attachment: Encrypted PDF with credential theft language in EML
3d ago
Jul 13th, 2026
Sublime Security
VIP impersonation: Fake thread with VIPs missing email metadata
3d ago
Jul 13th, 2026
Sublime Security
Link: Generic financial document with proceedural timeline template
6d ago
Jul 10th, 2026
Sublime Security
Impersonation: Employee name in subject with suspicious sender
6d ago
Jul 10th, 2026
Sublime Security
Service abuse: Oracle Cloud Workflow callback scam
6d ago
Jul 10th, 2026
Sublime Security