sublime, medium, Rule

Spam: Sendersrv.com with financial communications and unsubscribe language

Detects messages from sendersrv.com infrastructure containing unsubscribe language and financial communication topics, indicating potential abuse of the bulk email service for unauthorized financial solicitations.

MITRE ATT&CK

defense-evasion, initial-access

Detection Query

type.inbound
and any(headers.domains, .root_domain == "sendersrv.com")
and strings.icontains(body.current_thread.text, 'unsubscribe')
and any(ml.nlu_classifier(body.current_thread.text).topics,
        .name == "Financial Communications" and .confidence != "low"
)

Data Sources

Email Messages, Email Headers, Email Attachments

Platforms

email

Raw Content

name: "Spam: Sendersrv.com with financial communications and unsubscribe language"
description: "Detects messages from sendersrv.com infrastructure containing unsubscribe language and financial communication topics, indicating potential abuse of the bulk email service for unauthorized financial solicitations."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(headers.domains, .root_domain == "sendersrv.com")
  and strings.icontains(body.current_thread.text, 'unsubscribe')
  and any(ml.nlu_classifier(body.current_thread.text).topics,
          .name == "Financial Communications" and .confidence != "low"
  )
attack_types:
  - "Spam"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Content analysis"
  - "Natural Language Understanding"
  - "Sender analysis"
id: "69570820-4be0-500f-b5df-7ecf0a4ea9a4"