Link: Adobe Share from Unsolicited Sender

Sublime Rules

Summary
This detection rule identifies potential phishing attempts in which users receive unsolicited links from 'Adobe'. It focuses on messages that claim to be from Adobe but are sent from email addresses with no established relationship with the recipient's organization. The rule triggers when the sender's display name contains the phrase 'via Adobe', the sender's email address is 'message@adobe.com', and the email passed DMARC authentication. It also checks the email body for links that invite the recipient to open or review shared content, and requires that the sender does not belong to any of the recipient organization's recognized domains and that the recipient has never initiated contact with the sender address. The rule is aimed primarily at credential phishing via unsolicited Adobe links and falls into the attack surface reduction category.
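The criteria in the summary, evaluated over constructed messages, as an added Python sketch that is not the rule's own source. The message field names, the `org_domains` and `recipient_sent_to` inputs, and the link-text pattern are assumptions made for illustration.

```python
import re

# Link text inviting the recipient to open or review shared content (assumed pattern).
ACTION_TEXT = re.compile(r"\b(open|review)\b", re.IGNORECASE)

def matches_rule(msg, org_domains, recipient_sent_to):
    """True when a message meets every criterion listed in the summary."""
    sender = msg["sender_email"].lower()
    domain = sender.rsplit("@", 1)[-1]
    return bool(
        "via adobe" in msg["display_name"].lower()
        and sender == "message@adobe.com"
        and msg["dmarc_pass"]
        and any(ACTION_TEXT.search(link["text"]) for link in msg["links"])
        and domain not in org_domains        # sender outside the recipient org's domains
        and sender not in recipient_sent_to  # recipient never initiated contact
    )

def _msg(**overrides):
    # Constructed baseline message; each sample below changes one field.
    base = {
        "display_name": "Jane Doe via Adobe",
        "sender_email": "message@adobe.com",
        "dmarc_pass": True,
        "links": [{"text": "Open", "href": "https://files.example.net/shared"}],
    }
    base.update(overrides)
    return base

SAMPLES = {
    "unsolicited_share": _msg(),
    "dmarc_fail": _msg(dmarc_pass=False),
    "no_action_link": _msg(links=[{"text": "Privacy policy",
                                   "href": "https://files.example.net/privacy"}]),
    "lookalike_sender": _msg(sender_email="message@adobe.com.example.net"),
}

def evaluate_samples(org_domains=frozenset({"example.org"}),
                     recipient_sent_to=frozenset()):
    """Run every constructed sample through the rule and return the verdicts."""
    return {name: matches_rule(m, org_domains, recipient_sent_to)
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:20s} {'FLAG' if hit else 'pass'}")
```

Passing a `recipient_sent_to` set that already contains the sender address models an established relationship, and the rule then stays silent on the otherwise matching message.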
Categories
  • Web
  • Endpoint
  • Cloud
  • Application
Data Sources
  • User Account
  • Web Credential
  • Application Log
Created: 2024-10-24