Link: Free Subdomain host with undisclosed recipients

Sublime Rules

Summary
This detection rule identifies emails that are sent to undisclosed recipients and contain links to free subdomain hosting services. The rule checks whether any link in the message body has a root domain that matches a predefined list of free subdomain hosts, verifying that the subdomain is present and is not the common 'www', and that the URL path does not indicate a Google email signature. It also requires that the CC and BCC fields are empty. Additionally, the rule excludes known mailing-list messages and evaluates the sender against their messaging history: the sender profile must indicate that the sender is new or exhibits outlier behavior, or that past messages from them were flagged as malicious or spam, with no false positives recorded in their previous interactions.
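The following is an added, illustrative re-implementation of the logic the summary describes, written for this page; it is not the Sublime rule's own source. The host list (`FREE_SUBDOMAIN_HOSTS`), the Google-signature path marker, the simplified root-domain split, and the sample messages are all constructed placeholders, and the treatment of an empty or literal "undisclosed-recipients" To header as "undisclosed recipients" is an assumption.

```python
from dataclasses import dataclass, replace
from urllib.parse import urlparse

# Placeholder list of free subdomain hosting domains (constructed for this
# example; the real rule ships its own list).
FREE_SUBDOMAIN_HOSTS = {"freehost.example", "pages.example"}

# Placeholder standing in for the Google email-signature path the rule
# excludes; the actual value is not given on the page.
GOOGLE_SIGNATURE_PATH_MARKER = "/google-signature-placeholder"


@dataclass
class SenderProfile:
    prevalence: str          # e.g. "new", "outlier", "common"
    malicious: int = 0       # past messages flagged malicious
    spam: int = 0            # past messages flagged spam
    false_positives: int = 0 # past messages later marked as false positives


@dataclass
class Message:
    sender: str
    to: list
    cc: list
    bcc: list
    body_links: list
    is_mailing_list: bool
    profile: SenderProfile


def split_host(host):
    """Return (subdomain, root_domain). Simplified: the root domain is the
    last two labels; a production rule would use a public-suffix list."""
    labels = host.lower().split(".")
    if len(labels) < 3:
        return "", host.lower()
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def is_free_subdomain_link(url):
    """True when the link is hosted on a non-www subdomain of a listed free
    host and its path is not the excluded signature path."""
    parsed = urlparse(url)
    if not parsed.hostname:
        return False
    sub, root = split_host(parsed.hostname)
    if root not in FREE_SUBDOMAIN_HOSTS or not sub or sub == "www":
        return False
    if GOOGLE_SIGNATURE_PATH_MARKER in parsed.path:
        return False
    return True


def has_undisclosed_recipients(msg):
    # Assumption: no visible To address, or a literal undisclosed-recipients
    # placeholder in the To header, counts as "undisclosed recipients".
    return not msg.to or any("undisclosed" in t.lower() for t in msg.to)


def sender_is_suspicious(profile):
    """New/outlier sender, or prior malicious/spam history, and no false
    positives recorded against the sender."""
    risky_history = (profile.prevalence in ("new", "outlier")
                     or profile.malicious > 0
                     or profile.spam > 0)
    return risky_history and profile.false_positives == 0


def rule_matches(msg):
    """Apply every condition from the summary; all must hold."""
    return (has_undisclosed_recipients(msg)
            and not msg.cc and not msg.bcc
            and not msg.is_mailing_list
            and any(is_free_subdomain_link(u) for u in msg.body_links)
            and sender_is_suspicious(msg.profile))


# Constructed sample messages exercising the main branches.
SAMPLE_HIT = Message(
    sender="unknown@sender.test",
    to=["undisclosed-recipients:;"], cc=[], bcc=[],
    body_links=["https://invoice-login.freehost.example/view"],
    is_mailing_list=False,
    profile=SenderProfile(prevalence="new"),
)
SAMPLE_WWW = replace(SAMPLE_HIT, body_links=["https://www.freehost.example/view"])
SAMPLE_SIGNATURE = replace(
    SAMPLE_HIT,
    body_links=["https://sig.freehost.example" + GOOGLE_SIGNATURE_PATH_MARKER + "/x"],
)
SAMPLE_CC = replace(SAMPLE_HIT, cc=["colleague@corp.test"])
SAMPLE_FP = replace(SAMPLE_HIT, profile=SenderProfile("new", false_positives=1))
SAMPLE_LIST = replace(SAMPLE_HIT, is_mailing_list=True)

if __name__ == "__main__":
    for name, m in [("hit", SAMPLE_HIT), ("www", SAMPLE_WWW),
                    ("signature", SAMPLE_SIGNATURE), ("cc", SAMPLE_CC),
                    ("false_positive", SAMPLE_FP), ("mailing_list", SAMPLE_LIST)]:
        print(name, rule_matches(m))
```

Each exclusion in the summary corresponds to one negated sample above: the `www` subdomain, the signature path, a populated CC field, a sender with a recorded false positive, and a mailing-list message all suppress the match even though the link itself points at a listed free host.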
Categories
  • Web
  • Identity Management
  • Network
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-06-16