Spam: Campaign with excessive space/char obfuscation and free file hosted link

Sublime Rules

Summary
This detection rule identifies mass spam campaigns that use excessive space or character obfuscation in the email body and link to free file hosting services. It combines several conditions to establish the spam nature of a message: it checks the email body for space padding, matching at least 30 characters followed by whitespace, which indicates obfuscation; it verifies whether the hyperlinks in the message point to known free file hosting domains; and, to strengthen the detection, it assesses the sender's profile for signals such as being a new or outlier sender, a history of malicious or spam messages, or an invalid sender email domain. Finally, the rule excludes known false positives from its detections to improve accuracy.
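The following is an added illustration of the detection logic described in the summary, written for this page; it is not the Sublime rule itself or its MQL. The free file hosting domains, the false-positive allowlist, the sender profile fields and the sample messages are all constructed placeholders, and the reading of "at least 30 characters followed by whitespace" as letter-by-letter spacing (or a long whitespace run) is an assumption about the rule's regex.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed placeholder domains standing in for the rule's list of free file
# hosting services (assumption: the page does not enumerate them).
FREE_FILE_HOSTS = frozenset({"freefiles.example", "quickshare.example"})

# Constructed allowlist of senders known to be false positives.
FALSE_POSITIVE_SENDERS = frozenset({"newsletter@trusted-partner.example"})

# Assumption: "30 characters followed by whitespace" modelled as 30 or more single
# characters each followed by whitespace (e.g. "p a y m e n t   d u e"), or a run
# of 30 or more whitespace characters used as padding.
PADDING_RE = re.compile(r"(?:\S\s+){30,}|\s{30,}")
URL_RE = re.compile(r"https?://[^\s<>'\"]+", re.IGNORECASE)


@dataclass
class SenderProfile:
    """Hypothetical sender-reputation fields the rule is said to consult."""
    email: str
    domain_valid: bool = True
    is_new_or_outlier: bool = False
    prior_malicious_or_spam: bool = False


@dataclass
class Message:
    sender: SenderProfile
    body: str


def has_space_padding(body: str) -> bool:
    """True when the body shows space/character obfuscation as modelled above."""
    return PADDING_RE.search(body) is not None


def free_file_host_links(body: str) -> list[str]:
    """Return every URL in the body whose host is (or is under) a free file host."""
    hits = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in FREE_FILE_HOSTS or any(host.endswith("." + d) for d in FREE_FILE_HOSTS):
            hits.append(url)
    return hits


def sender_is_suspicious(s: SenderProfile) -> bool:
    """New/outlier sender, prior bad history, or invalid sending domain."""
    return s.is_new_or_outlier or s.prior_malicious_or_spam or not s.domain_valid


def evaluate(msg: Message) -> dict:
    """Apply the conditions in the summary; all three must hold for a match."""
    if msg.sender.email.lower() in FALSE_POSITIVE_SENDERS:
        return {"match": False, "reasons": ["sender allowlisted"]}
    reasons = []
    if has_space_padding(msg.body):
        reasons.append("space/char obfuscation in body")
    links = free_file_host_links(msg.body)
    if links:
        reasons.append("free file host link: " + links[0])
    if sender_is_suspicious(msg.sender):
        reasons.append("suspicious sender profile")
    return {"match": len(reasons) == 3, "reasons": reasons}


# Constructed sample messages (not real campaign data).
SPAM_MSG = Message(
    SenderProfile("promo@unseen-domain.example", is_new_or_outlier=True),
    "Y o u r   i n v o i c e   i s   r e a d y   f o r   d o w n l o a d   n o w   "
    "https://freefiles.example/dl/abc123",
)
BENIGN_MSG = Message(
    SenderProfile("alice@corp.example"),
    "Hi team, please find the agenda at https://intranet.corp.example/agenda. Thanks.",
)
ALLOWLISTED_MSG = Message(
    SenderProfile("newsletter@trusted-partner.example", is_new_or_outlier=True),
    "N e w   r e l e a s e   n o t e s   a v a i l a b l e   f o r   y o u   https://freefiles.example/notes",
)

if __name__ == "__main__":
    for name, m in [("spam", SPAM_MSG), ("benign", BENIGN_MSG), ("allowlisted", ALLOWLISTED_MSG)]:
        print(name, evaluate(m))
```

Requiring all three signals together is what keeps the rule from firing on ordinary mail that merely links to a file host; the allowlist is checked first so a known good sender never consumes the other conditions.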
Categories
  • Network
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Application Log
Created: 2023-02-18