
Summary
This detection rule targets email messages containing links to Cloudflare services such as R2 storage, Pages, and Workers, in order to identify potential phishing attempts or other malicious communications from unsolicited sources. Using several checks, the rule flags messages from senders that are not on a trusted sender list or that have previously failed DMARC authentication. It focuses on URLs whose root domains belong to Cloudflare services, and it negates messages that include links containing 'unsubscribe' to avoid false positives from legitimate bulk email. It also excludes known bulk-sender domains to eliminate noise from high-volume communication. By analyzing sender profiles together with message content, the rule covers high-risk categories such as Business Email Compromise (BEC), various phishing schemes, and spam, while assessing the credibility of the sender's domain and the relevance of the content.
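As an added illustration (not the rule's own source, which the page does not reproduce), the following Python sketch applies the checks described above to constructed sample messages. The Cloudflare root domains, the trusted and bulk sender lists, and the sample data are all assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Root domains used by Cloudflare R2, Pages and Workers (assumed rule scope)
CLOUDFLARE_ROOT_DOMAINS = {"r2.dev", "pages.dev", "workers.dev"}
# Constructed placeholder lists; a real deployment loads its own
TRUSTED_SENDER_DOMAINS = {"partner.example"}
BULK_SENDER_DOMAINS = {"newsletter.example"}

@dataclass
class Message:
    sender_domain: str   # domain of the From: header
    dmarc_failed: bool   # sender has a prior DMARC failure on record
    links: list          # URLs extracted from the body

def root_domain(host: str) -> str:
    """Registrable root of a hostname, e.g. 'pub-1a2b.r2.dev' -> 'r2.dev'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def matches(msg: Message) -> bool:
    """Apply the rule's checks in order; True means the message fires."""
    hosts = [urlparse(u).hostname or "" for u in msg.links]
    # 1. At least one link must point at a Cloudflare service root domain
    if not any(root_domain(h) in CLOUDFLARE_ROOT_DOMAINS for h in hosts):
        return False
    # 2. Negate bulk mail that carries an unsubscribe link
    if any("unsubscribe" in u.lower() for u in msg.links):
        return False
    # 3. Negate known high-volume bulk sender domains
    sender = msg.sender_domain.lower()
    if sender in BULK_SENDER_DOMAINS:
        return False
    # 4. Sender must be untrusted, or trusted but with a DMARC failure
    return sender not in TRUSTED_SENDER_DOMAINS or msg.dmarc_failed

# Constructed sample messages, one per branch of the rule
SAMPLES = {
    "untrusted_r2": Message("lure.example", False, ["https://pub-1a2b.r2.dev/invoice.html"]),
    "trusted_clean": Message("partner.example", False, ["https://docs.pages.dev/q3"]),
    "trusted_dmarc_fail": Message("partner.example", True, ["https://app.workers.dev/login"]),
    "bulk_unsubscribe": Message("shop.example", False,
                                ["https://promo.pages.dev/sale", "https://shop.example/unsubscribe"]),
    "bulk_sender": Message("newsletter.example", False, ["https://news.pages.dev/issue-9"]),
    "no_cloudflare": Message("lure.example", False, ["https://lure.example/doc"]),
}

def evaluate_samples() -> dict:
    """Map each sample name to whether the rule fires on it."""
    return {name: matches(msg) for name, msg in SAMPLES.items()}
```

Only the untrusted sender and the trusted sender with a DMARC failure fire; the unsubscribe link, the bulk-sender domain and the absence of a Cloudflare link each suppress the alert.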
Categories
- Cloud
- Web
- Network
- Endpoint
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2025-09-20