
Spam: BlackBaud infrastructure abuse

Sublime Rules

Summary
This rule detects spam and malvertising campaigns sent through a compromised BlackBaud account. The detection logic keys on characteristics of inbound email that indicate abuse of that infrastructure: a sender address matching the pattern `communications[a-z]{4,}@.+`, the presence of the `x-campaignid` header, and the domain `blackbaud.com` appearing in the headers. It also inspects the subject line for an 'RE: ' prefix and checks whether the message lacks the reference headers a genuine reply would carry, a combination that suggests a faked reply thread typical of phishing and spam. The rule additionally flags messages containing links with no display text, another sign of malvertising. Centralizing these checks in one rule helps organizations identify fraudulent messages that impersonate trusted brands such as Disney+ and UPS and rely on social engineering to deceive recipients.
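The criteria in the summary, expressed as a small Python check run over two constructed messages (one abusive, one legitimate reply). This is an added example, not the Sublime rule itself; how the indicators combine (infrastructure fingerprint plus at least one content tell) and the sample addresses are assumptions.

```python
import re
from email import message_from_string
from email.message import Message

# Criteria taken from the rule summary above.
SENDER_RE = re.compile(r"communications[a-z]{4,}@.+", re.IGNORECASE)
# An <a ...></a> whose display text is empty or whitespace only.
EMPTY_LINK_RE = re.compile(r"<a\b[^>]*>\s*</a>", re.IGNORECASE)

def html_body(msg: Message) -> str:
    """Return the decoded text/html body, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_payload(decode=True).decode("utf-8", "replace")
    return ""

def evaluate(raw: str) -> dict:
    """Score one raw RFC 822 message against the rule's indicators."""
    msg = message_from_string(raw)
    headers_blob = " ".join(str(v) for v in msg.values()).lower()
    subject = msg.get("Subject", "")
    ind = {
        "sender_pattern": bool(SENDER_RE.search(msg.get("From", ""))),
        "campaign_header": "x-campaignid" in msg,  # header lookup is case-insensitive
        "blackbaud_in_headers": "blackbaud.com" in headers_blob,
        # 'RE: ' subject with none of the headers a genuine reply carries
        "fake_reply": subject.strip().upper().startswith("RE: ")
        and "References" not in msg and "In-Reply-To" not in msg,
        "empty_link": bool(EMPTY_LINK_RE.search(html_body(msg))),
    }
    infra = ind["sender_pattern"] and ind["campaign_header"] and ind["blackbaud_in_headers"]
    # Assumption: infrastructure fingerprint plus at least one content tell is required.
    ind["match"] = infra and (ind["fake_reply"] or ind["empty_link"])
    return ind

# Constructed sample messages (hostnames and ids are placeholders, not real campaign data).
SPAM = """\
From: "Disney+ Rewards" <communicationsteam@sender.example>
To: someone@recipient.example
Subject: RE: Your Disney+ account
X-CampaignId: 42
Received: from smtp.blackbaud.com by mx.recipient.example
Content-Type: text/html; charset="utf-8"

<html><body><p>Action needed.</p><a href="https://tracker.example/c?id=1"> </a></body></html>
"""

LEGIT_REPLY = SPAM.replace("Content-Type:", "References: <msg1@recipient.example>\nContent-Type:") \
                  .replace('<a href="https://tracker.example/c?id=1"> </a>', '<a href="https://sender.example/s">View status</a>')
```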
Categories
  • Network
  • Endpoint
  • Cloud
  • Web
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2024-01-17