Sublime Security

Sublime Core Feed
Spam
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Attack Type: Spam
Spam refers to bulk, unsolicited messages, often promoting questionable offers, fake opportunities, or irrelevant content you never asked for. These messages typically ignore basic rules around consent and use shady tactics to sneak past filters, like misspelled words (“W1NNER,” “FREEBlE”) or fake brand names that look close to the real thing (“L0WES,” “C0STC0”).
You’ve probably seen examples: work-from-home schemes with unrealistic pay, miracle health products, SEO pitches warning about your website, or companies pushing “verified” contact lists. Some spam even pretends to be part of an ongoing thread by adding fake “RE:” or “FWD:” subject lines.
Even when the emails look polished or pass authentication checks, they’re often filled with misleading claims, fake urgency, or vague references to prior contact. While not always malicious, spam clutters inboxes, wastes time, and occasionally serves as a delivery method for more serious threats.
Tactics & Techniques (14):
Evasion
Social engineering
Free email provider
Spoofing
Free subdomain host
Impersonation: Brand
Image as content
Lookalike domain
Free file host
Open redirect
Encryption
PDF
Exploit
Scripting
Detection Methods (13):
Content analysis
Sender analysis
Natural Language Understanding
Header analysis
URL analysis
HTML analysis
Whois
URL screenshot
Optical Character Recognition
Computer Vision
Exif analysis
File analysis
YARA
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Spam: Website errors solicitation
22d ago
Dec 11th, 2025
Sublime Security
Spam
Content analysis
Sender analysis
Natural Language Understanding
Spam
Content analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Fake thread with suspicious indicators
24d ago
Dec 9th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Spam: Fake dating profile notification
1mo ago
Dec 3rd, 2025
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Spam: Firebase password reset from suspicious sender
1mo ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Spam: SMTP & Proxy Communications in Email Body
1mo ago
Dec 2nd, 2025
Sublime Security
Spam
Free email provider
Content analysis
Spam
Free email provider
Content analysis
/feeds/core/detection-rules/spam-smtp-and-proxy-communications-in-email-body-2bdc6a3b
Link abuse: Self-service creation platform link with suspicious recipient behavior
1mo ago
Dec 2nd, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135
Body: Embedded email headers indicative of thread hijacking/abuse
1mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Credential Phishing
BEC/Fraud
Spam
Evasion
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/body-embedded-email-headers-indicative-of-thread-hijackingabuse-6e8eeebb
Service abuse: Random Google Firebase sender address with suspicious content
1mo ago
Nov 26th, 2025
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Link: Spam website with evasion indicators
1mo ago
Nov 25th, 2025
Sublime Security
Spam
Evasion
URL analysis
URL screenshot
Content analysis
Spam
Evasion
URL analysis
URL screenshot
Content analysis
/feeds/core/detection-rules/link-spam-website-with-evasion-indicators-08bcd353
Spam: Unsolicited WordPress account creation or password reset request
1mo ago
Nov 24th, 2025
Sublime Security
Spam
Social engineering
Header analysis
Sender analysis
URL analysis
Spam
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-unsolicited-wordpress-account-creation-or-password-reset-request-e182b6b2
Headers: Invalid recipient domain with mismatched reply-to from new sender
1mo ago
Nov 21st, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/headers-invalid-recipient-domain-with-mismatched-reply-to-from-new-sender-f375ded1
Brand impersonation: SendGrid
1mo ago
Nov 17th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Spam: Sexually explicit Google group invitation
1mo ago
Nov 12th, 2025
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Sender analysis
Spam
Free email provider
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29
Spam: Fake photo share
1mo ago
Nov 8th, 2025
Sublime Security
Spam
Evasion
Social engineering
Content analysis
Sender analysis
URL analysis
Whois
Spam
Evasion
Social engineering
Content analysis
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/spam-fake-photo-share-eb086f7d
Credential theft: Gophish abuse with hidden tracking image
1mo ago
Nov 5th, 2025
Sublime Security
Spam
Evasion
Image as content
Content analysis
HTML analysis
Spam
Evasion
Image as content
Content analysis
HTML analysis
/feeds/core/detection-rules/credential-theft-gophish-abuse-with-hidden-tracking-image-59915ceb
Spam: Mastercard promotional content with image-based body
1mo ago
Nov 5th, 2025
Sublime Security
Credential Phishing
Spam
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Credential Phishing
Spam
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559
Spam: Personalized subject and greetings via Salesforce Marketing Cloud
1mo ago
Nov 3rd, 2025
Sublime Security
Spam
Social engineering
Content analysis
Header analysis
Spam
Social engineering
Content analysis
Header analysis
/feeds/core/detection-rules/spam-personalized-subject-and-greetings-via-salesforce-marketing-cloud-c77f127f
Spam/fraud: Predatory journal/research paper request
1mo ago
Nov 3rd, 2025
Sublime Security
BEC/Fraud
Spam
Social engineering
Impersonation: Brand
Lookalike domain
Evasion
Natural Language Understanding
Content analysis
Sender analysis
URL analysis
Whois
BEC/Fraud
Spam
Social engineering
Impersonation: Brand
Lookalike domain
Evasion
Natural Language Understanding
Content analysis
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b
Spam: Ghostwriting services scam with manipulative language
2mo ago
Oct 17th, 2025
Sublime Security
Spam
Social engineering
Content analysis
Sender analysis
Spam
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-ghostwriting-services-scam-with-manipulative-language-b747c3ea
Spam: Cryptocurrency airdrop/giveaway
2mo ago
Oct 16th, 2025
Sublime Security
Spam
Social engineering
Impersonation: Brand
Content analysis
Spam
Social engineering
Impersonation: Brand
Content analysis
/feeds/core/detection-rules/spam-cryptocurrency-airdropgiveaway-80a2e2fd
Page 1 of 4

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Spam: Website errors solicitation	22d ago Dec 11th, 2025	Sublime Security	Spam Content analysis Sender analysis Natural Language Understanding	/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Fake thread with suspicious indicators	24d ago Dec 9th, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Evasion Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Spam: Fake dating profile notification	1mo ago Dec 3rd, 2025	Sublime Security	Spam Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Spam: Firebase password reset from suspicious sender	1mo ago Dec 2nd, 2025	Sublime Security	Credential Phishing Spam Evasion Social engineering Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Spam: SMTP & Proxy Communications in Email Body	1mo ago Dec 2nd, 2025	Sublime Security	Spam Free email provider Content analysis	/feeds/core/detection-rules/spam-smtp-and-proxy-communications-in-email-body-2bdc6a3b
Link abuse: Self-service creation platform link with suspicious recipient behavior	1mo ago Dec 2nd, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Free email provider Social engineering Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135
Body: Embedded email headers indicative of thread hijacking/abuse	1mo ago Dec 1st, 2025	Sublime Security	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/body-embedded-email-headers-indicative-of-thread-hijackingabuse-6e8eeebb
Service abuse: Random Google Firebase sender address with suspicious content	1mo ago Nov 26th, 2025	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Link: Spam website with evasion indicators	1mo ago Nov 25th, 2025	Sublime Security	Spam Evasion URL analysis URL screenshot Content analysis	/feeds/core/detection-rules/link-spam-website-with-evasion-indicators-08bcd353
Spam: Unsolicited WordPress account creation or password reset request	1mo ago Nov 24th, 2025	Sublime Security	Spam Social engineering Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/spam-unsolicited-wordpress-account-creation-or-password-reset-request-e182b6b2
Headers: Invalid recipient domain with mismatched reply-to from new sender	1mo ago Nov 21st, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Evasion Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/headers-invalid-recipient-domain-with-mismatched-reply-to-from-new-sender-f375ded1
Brand impersonation: SendGrid	1mo ago Nov 17th, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Spam: Sexually explicit Google group invitation	1mo ago Nov 12th, 2025	Sublime Security	Spam Free email provider Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29
Spam: Fake photo share	1mo ago Nov 8th, 2025	Sublime Security	Spam Evasion Social engineering Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spam-fake-photo-share-eb086f7d
Credential theft: Gophish abuse with hidden tracking image	1mo ago Nov 5th, 2025	Sublime Security	Spam Evasion Image as content Content analysis HTML analysis	/feeds/core/detection-rules/credential-theft-gophish-abuse-with-hidden-tracking-image-59915ceb
Spam: Mastercard promotional content with image-based body	1mo ago Nov 5th, 2025	Sublime Security	Credential Phishing Spam Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559
Spam: Personalized subject and greetings via Salesforce Marketing Cloud	1mo ago Nov 3rd, 2025	Sublime Security	Spam Social engineering Content analysis Header analysis	/feeds/core/detection-rules/spam-personalized-subject-and-greetings-via-salesforce-marketing-cloud-c77f127f
Spam/fraud: Predatory journal/research paper request	1mo ago Nov 3rd, 2025	Sublime Security	BEC/Fraud Spam Social engineering Impersonation: Brand Lookalike domain Evasion Natural Language Understanding Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b
Spam: Ghostwriting services scam with manipulative language	2mo ago Oct 17th, 2025	Sublime Security	Spam Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-ghostwriting-services-scam-with-manipulative-language-b747c3ea
Spam: Cryptocurrency airdrop/giveaway	2mo ago Oct 16th, 2025	Sublime Security	Spam Social engineering Impersonation: Brand Content analysis	/feeds/core/detection-rules/spam-cryptocurrency-airdropgiveaway-80a2e2fd