Sublime Security

Sublime Core Feed
Spam
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Attack Type: Spam
Spam refers to bulk, unsolicited messages, often promoting questionable offers, fake opportunities, or irrelevant content you never asked for. These messages typically ignore basic rules around consent and use shady tactics to sneak past filters, like misspelled words (“W1NNER,” “FREEBlE”) or fake brand names that look close to the real thing (“L0WES,” “C0STC0”).
You’ve probably seen examples: work-from-home schemes with unrealistic pay, miracle health products, SEO pitches warning about your website, or companies pushing “verified” contact lists. Some spam even pretends to be part of an ongoing thread by adding fake “RE:” or “FWD:” subject lines.
Even when the emails look polished or pass authentication checks, they’re often filled with misleading claims, fake urgency, or vague references to prior contact. While not always malicious, spam clutters inboxes, wastes time, and occasionally serves as a delivery method for more serious threats.
Tactics & Techniques (14):
Impersonation: Brand
Social engineering
Free email provider
Free file host
Lookalike domain
Evasion
Free subdomain host
Open redirect
Spoofing
Image as content
Encryption
PDF
Exploit
Scripting
Detection Methods (13):
Content analysis
HTML analysis
Sender analysis
URL analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Whois
Computer Vision
URL screenshot
File analysis
YARA
Exif analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Spam: Commonly observed formatting of unauthorized free giveaways
9d ago
Jan 14th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
URL analysis
Spam
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3
Brand impersonation: SendGrid
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Reconnaissance: Email address harvesting attempt
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc
Spam: Campaign with excessive display-text and keywords found
11d ago
Jan 12th, 2026
Sublime Security
Spam
Content analysis
Spam
Content analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-display-text-and-keywords-found-140e46a1
Suspicious Links to Cloudflare R2 and Edge Services
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Free file host
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Free file host
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Hulu
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Header analysis
Sender analysis
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Fake thread with suspicious indicators
11d ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Potential prompt injection attack in body HTML
11d ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
BEC/Fraud
Evasion
Social engineering
Header analysis
HTML analysis
Content analysis
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
BEC/Fraud
Evasion
Social engineering
Header analysis
HTML analysis
Content analysis
/feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736
Spam: Campaign with excessive space/char obfuscation and free file hosted link
11d ago
Jan 12th, 2026
Sublime Security
Spam
Free file host
Content analysis
Sender analysis
Spam
Free file host
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca
Service abuse: Random Google Firebase sender address with suspicious content
11d ago
Jan 12th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Open redirect: Cartoon Network
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Open redirect
Evasion
Content analysis
URL analysis
Credential Phishing
Spam
Open redirect
Evasion
Content analysis
URL analysis
/feeds/core/detection-rules/open-redirect-cartoon-network-7435e057
Suspicious subject with long procedurally generated text blob
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Evasion
Content analysis
Sender analysis
Credential Phishing
Spam
Evasion
Content analysis
Sender analysis
/feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d
Spam: URL shortener with short body content and emojis
11d ago
Jan 12th, 2026
Sublime Security
Spam
Free email provider
Content analysis
Sender analysis
URL analysis
Spam
Free email provider
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c
Spam: Single recipient duplicated in cc
11d ago
Jan 12th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Header analysis
Content analysis
URL analysis
Sender analysis
Spam
Impersonation: Brand
Social engineering
Header analysis
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
11d ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
Callback Phishing
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Spam: Website errors solicitation
1mo ago
Dec 11th, 2025
Sublime Security
Spam
Content analysis
Sender analysis
Natural Language Understanding
Spam
Content analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Spam: Fake dating profile notification
1mo ago
Dec 3rd, 2025
Sublime Security
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Spam: Firebase password reset from suspicious sender
1mo ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
Credential Phishing
Spam
Evasion
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Spam: SMTP & Proxy Communications in Email Body
1mo ago
Dec 2nd, 2025
Sublime Security
Spam
Free email provider
Content analysis
Spam
Free email provider
Content analysis
/feeds/core/detection-rules/spam-smtp-and-proxy-communications-in-email-body-2bdc6a3b
Page 1 of 4

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Spam: Commonly observed formatting of unauthorized free giveaways	9d ago Jan 14th, 2026	Sublime Security	Spam Impersonation: Brand Social engineering Content analysis HTML analysis Sender analysis URL analysis	/feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3
Brand impersonation: SendGrid	11d ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Reconnaissance: Email address harvesting attempt	11d ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Spam Free email provider Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc
Spam: Campaign with excessive display-text and keywords found	11d ago Jan 12th, 2026	Sublime Security	Spam Content analysis	/feeds/core/detection-rules/spam-campaign-with-excessive-display-text-and-keywords-found-140e46a1
Suspicious Links to Cloudflare R2 and Edge Services	11d ago Jan 12th, 2026	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Free file host Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	11d ago Jan 12th, 2026	Sublime Security	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Hulu	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Fake thread with suspicious indicators	11d ago Jan 12th, 2026	Sublime Security	BEC/Fraud Credential Phishing Spam Evasion Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Potential prompt injection attack in body HTML	11d ago Jan 12th, 2026	Sublime Security	Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam BEC/Fraud Evasion Social engineering Header analysis HTML analysis Content analysis	/feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736
Spam: Campaign with excessive space/char obfuscation and free file hosted link	11d ago Jan 12th, 2026	Sublime Security	Spam Free file host Content analysis Sender analysis	/feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca
Service abuse: Random Google Firebase sender address with suspicious content	11d ago Jan 12th, 2026	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Open redirect: Cartoon Network	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Spam Open redirect Evasion Content analysis URL analysis	/feeds/core/detection-rules/open-redirect-cartoon-network-7435e057
Suspicious subject with long procedurally generated text blob	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Spam Evasion Content analysis Sender analysis	/feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d
Spam: URL shortener with short body content and emojis	11d ago Jan 12th, 2026	Sublime Security	Spam Free email provider Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c
Spam: Single recipient duplicated in cc	11d ago Jan 12th, 2026	Sublime Security	Spam Impersonation: Brand Social engineering Header analysis Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)	11d ago Jan 12th, 2026	Sublime Security	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Spam: Website errors solicitation	1mo ago Dec 11th, 2025	Sublime Security	Spam Content analysis Sender analysis Natural Language Understanding	/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Spam: Fake dating profile notification	1mo ago Dec 3rd, 2025	Sublime Security	Spam Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2
Spam: Firebase password reset from suspicious sender	1mo ago Dec 2nd, 2025	Sublime Security	Credential Phishing Spam Evasion Social engineering Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9
Spam: SMTP & Proxy Communications in Email Body	1mo ago Dec 2nd, 2025	Sublime Security	Spam Free email provider Content analysis	/feeds/core/detection-rules/spam-smtp-and-proxy-communications-in-email-body-2bdc6a3b