Spam

Attack Type: Spam

Spam refers to bulk, unsolicited messages, often promoting questionable offers, fake opportunities, or irrelevant content you never asked for. These messages typically ignore basic rules around consent and use shady tactics to sneak past filters, like misspelled words (“W1NNER,” “FREEBlE”) or fake brand names that look close to the real thing (“L0WES,” “C0STC0”).

You’ve probably seen examples: work-from-home schemes with unrealistic pay, miracle health products, SEO pitches warning about your website, or companies pushing “verified” contact lists. Some spam even pretends to be part of an ongoing thread by adding fake “RE:” or “FWD:” subject lines.

Even when the emails look polished or pass authentication checks, they’re often filled with misleading claims, fake urgency, or vague references to prior contact. While not always malicious, spam clutters inboxes, wastes time, and occasionally serves as a delivery method for more serious threats.

Tactics & Techniques (7):

Detection Methods (10):

Natural Language Understanding

Optical Character Recognition

HTML analysis

Computer Vision

Exif analysis

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Spam: Attendee List solicitation	9d ago May 14th, 2025	Sublime Security	Spam Content analysis Sender analysis	/feeds/core/detection-rules/spam-attendee-list-solicitation-69715b62
Service Abuse: Adobe Sign Notification From an Unsolicited Reply-To Address	23d ago Apr 30th, 2025	Sublime Security	BEC/Fraud Callback Phishing Spam Social engineering Impersonation: Brand Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-adobe-sign-notification-from-an-unsolicited-reply-to-address-d00893ba
Spam: Fake photo share	1mo ago Apr 16th, 2025	Sublime Security	Spam Evasion Social engineering Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spam-fake-photo-share-eb086f7d
Brand Impersonation: SendGrid	1mo ago Apr 15th, 2025	Sublime Security	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Brand Impersonation: Vanguard	1mo ago Apr 11th, 2025	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Natural Language Understanding Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-vanguard-3bd048fe
Link: Squarespace Infrastructure Abuse	1mo ago Apr 1st, 2025	Sublime Security	Credential Phishing Spam Impersonation: Brand Social engineering Header analysis URL analysis Sender analysis	/feeds/core/detection-rules/link-squarespace-infrastructure-abuse-a8fe9d30
Open Redirect: Cartoon Network	2mo ago Mar 18th, 2025	Sublime Security	Credential Phishing Spam Open redirect Evasion Content analysis URL analysis	/feeds/core/detection-rules/open-redirect-cartoon-network-7435e057
Brand Impersonation: WeTransfer	2mo ago Mar 12th, 2025	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-wetransfer-e37885ad
Suspicious subject with long procedurally generated text blob	2mo ago Mar 12th, 2025	Sublime Security	Credential Phishing Spam Evasion Content analysis Sender analysis	/feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns	2mo ago Mar 10th, 2025	Sublime Security	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Spam: Image as content with Hidden HTML Element	2mo ago Mar 3rd, 2025	Sublime Security	Spam Evasion Image as content Content analysis HTML analysis Sender analysis	/feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f
Unusually Long Local Part From Untrusted Sender Address	2mo ago Feb 24th, 2025	Sublime Security	Credential Phishing Spam Evasion Header analysis Sender analysis	/feeds/core/detection-rules/unusually-long-local-part-from-untrusted-sender-address-91a9cd45
Twitter infrastructure abuse via link shortener	3mo ago Feb 6th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Spam Evasion Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e
Brand impersonation: Hulu	3mo ago Feb 4th, 2025	Sublime Security	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Spam: Sexually Explicit Google Group Invitation	4mo ago Jan 16th, 2025	Sublime Security	Spam Free email provider Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29
Spam: Sexually Explicit Looker Studio Report	4mo ago Jan 16th, 2025	Sublime Security	Spam Social engineering Free email provider Content analysis Sender analysis	/feeds/core/detection-rules/spam-sexually-explicit-looker-studio-report-f1e649cd
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)	4mo ago Jan 10th, 2025	Sublime Security	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Brand Impersonation: SiriusXM	4mo ago Jan 9th, 2025	Sublime Security	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792
Spam: Item Giveaway Spam Template	4mo ago Jan 8th, 2025	Sublime Security	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis	/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Brand impersonation: KnowBe4	5mo ago Nov 25th, 2024	Sublime Security	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386