Attack Type: Spam

Spam refers to bulk, unsolicited messages, often promoting questionable offers, fake opportunities, or irrelevant content you never asked for. These messages typically ignore basic rules around consent and use shady tactics to sneak past filters, like misspelled words (“W1NNER,” “FREEBlE”) or fake brand names that look close to the real thing (“L0WES,” “C0STC0”).
You’ve probably seen examples: work-from-home schemes with unrealistic pay, miracle health products, SEO pitches warning about your website, or companies pushing “verified” contact lists. Some spam even pretends to be part of an ongoing thread by adding fake “RE:” or “FWD:” subject lines.
Even when the emails look polished or pass authentication checks, they’re often filled with misleading claims, fake urgency, or vague references to prior contact. While not always malicious, spam clutters inboxes, wastes time, and occasionally serves as a delivery method for more serious threats.
Tactics & Techniques (14):
Evasion
Social engineering
Free email provider
Impersonation: Brand
Free subdomain host
Free file host
Open redirect
Lookalike domain
Spoofing
Image as content
Encryption
Exploit
Scripting
PDF
Detection Methods (13):
Header analysis
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
HTML analysis
Optical Character Recognition
Whois
Computer Vision
URL screenshot
Exif analysis
File analysis
YARA
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Headers: risky-recover-production message ID
7d ago
Feb 26th, 2026
Sublime Security
Spam
Evasion
Header analysis
/feeds/core/detection-rules/headers-risky-recover-production-message-id-4cc0b5dc
Reconnaissance: Empty message from uncommon sender
8d ago
Feb 25th, 2026
Sublime Security
Spam
Evasion
Social engineering
Content analysis
Header analysis
/feeds/core/detection-rules/reconnaissance-empty-message-from-uncommon-sender-b347cdbc
Spam: Sendersrv.com with financial communications and unsubscribe language
9d ago
Feb 24th, 2026
Sublime Security
Spam
Evasion
Social engineering
Header analysis
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/spam-sendersrvcom-with-financial-communications-and-unsubscribe-language-69570820
Reconnaissance: Email address harvesting attempt
10d ago
Feb 23rd, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Free email provider
Social engineering
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc
Service abuse: Apple TestFlight with suspicious developer reference
27d ago
Feb 6th, 2026
Sublime Security
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0
Spam: Commonly observed formatting of unauthorized free giveaways
1mo ago
Jan 14th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3
Brand impersonation: SendGrid
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Spam: URL shortener with short body content and emojis
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Free email provider
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c
Service abuse: Random Google Firebase sender address with suspicious content
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9
Spam: Campaign with excessive display-text and keywords found
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Content analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-display-text-and-keywords-found-140e46a1
Spam: Campaign with excessive space/char obfuscation and free file hosted link
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Free file host
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)
1mo ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Spam: Single recipient duplicated in cc
1mo ago
Jan 12th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Header analysis
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9
Suspicious subject with long procedurally generated text blob
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Evasion
Content analysis
Sender analysis
/feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d
Suspicious Links to Cloudflare R2 and Edge Services
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Free file host
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8
Open redirect: Cartoon Network
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Open redirect
Evasion
Content analysis
URL analysis
/feeds/core/detection-rules/open-redirect-cartoon-network-7435e057
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Hulu
1mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Spam
Free email provider
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Fake thread with suspicious indicators
1mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Spam
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
Potential prompt injection attack in body HTML
1mo ago
Jan 12th, 2026
Sublime Security
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
BEC/Fraud
Evasion
Social engineering
Header analysis
HTML analysis
Content analysis
/feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736
Page 1 of 4