New sender domain (<=10d) from untrusted sender

Sublime Rules

Summary
This detection rule flags inbound email from untrusted senders whose domain was registered 10 days ago or less. Freshly registered sender domains are a common indicator of phishing and spam campaigns, because attackers can spin up new domains quickly to evade reputation-based controls. The rule uses WHOIS data to determine the age of the domain in the sender's email address and correlates it with the sender's solicitation history. An email from an untrusted domain that is 10 days old or less and is not part of a solicited exchange triggers an alert. Organizations can use this rule to surface suspicious inbound mail early and take appropriate action to mitigate the risk.
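The logic described above, as an added Python illustration that is not the Sublime rule itself (the rule's own query language is not shown on this page). It assumes the WHOIS creation date, the sender-trust flag and the solicitation flag have already been looked up and attached to each message; "solicited" is taken to mean the recipient has previously corresponded with the sender, and a missing WHOIS record does not trigger an alert.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parseaddr
from typing import List, Optional

# Threshold from the rule name: domain age <= 10 days.
MAX_DOMAIN_AGE = timedelta(days=10)


@dataclass
class Message:
    """Hypothetical pre-enriched inbound message (constructed for this example)."""
    from_header: str                  # raw From: header value
    received_at: datetime             # time the message was received
    whois_created: Optional[datetime] # WHOIS creation date, None if lookup returned nothing
    solicited: bool                   # recipient has previously mailed this sender
    trusted: bool                     # sender domain is on the org's trusted list


def sender_domain(from_header: str) -> str:
    """Extract the lowercased domain from a From: header; '' if there is no address."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def domain_age(msg: Message) -> Optional[timedelta]:
    """Age of the sender domain at receipt time, or None when WHOIS gave no date."""
    if msg.whois_created is None:
        return None
    return msg.received_at - msg.whois_created


def is_new_untrusted_sender(msg: Message) -> bool:
    """True when the sender is untrusted, unsolicited, and the domain is <= 10 days old."""
    if not sender_domain(msg.from_header):
        return False                       # no parseable address: nothing to evaluate
    if msg.trusted or msg.solicited:
        return False                       # trust or prior correspondence suppresses the alert
    age = domain_age(msg)
    if age is None or age < timedelta(0):
        return False                       # unknown age or clock skew: no evidence, no alert
    return age <= MAX_DOMAIN_AGE


def flag_messages(msgs: List[Message]) -> List[str]:
    """Return the sender domains of every message that matches the rule."""
    return [sender_domain(m.from_header) for m in msgs if is_new_untrusted_sender(m)]
```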
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • Domain Name
  • User Account
  • Network Traffic
Created: 2023-02-21