
Spam: Cryptocurrency Airdrop/Giveaway

Sublime Rules

Summary
The rule identifies and flags messages promoting cryptocurrency airdrops, token claims, or rewards linked to wallets, which are common tactics in scams and phishing attempts. Detection checks the content of incoming messages for specific keywords and phrases that signal potential spam. The rule combines string pattern matching with regular expressions to isolate messages containing terms like 'airdrop', 'claim your', and mentions of popular cryptocurrencies or platforms (e.g., MetaMask, Ethereum, Binance). It then narrows the matches by excluding legitimate communications from well-known cryptocurrency domains that pass DMARC checks, which reduces false positives from reputable sources. Overall, the rule serves as an effective mechanism for combating spam related to cryptocurrency offers while accounting for common fraudulent tactics such as social engineering.
Categories
  • Web
  • Other
Data Sources
  • User Account
  • Application Log
Created: 2025-07-26
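
The logic the summary describes, sketched in Python as an added example (not the rule's own source, which this page does not show). The message fields, the allowlist contents, the requirement that a lure term and a brand term both appear, and the sample messages are assumptions made for illustration.

```python
import re

# Terms quoted in the summary; the rule's full term list is not shown on the page.
LURE = re.compile(r"\bairdrop\b|\bclaim\s+your\b", re.IGNORECASE)
BRAND = re.compile(r"\b(?:metamask|ethereum|binance)\b", re.IGNORECASE)

# Assumed allowlist for illustration, not the rule's own list.
TRUSTED_ROOT_DOMAINS = {"binance.com", "metamask.io", "ethereum.org"}


def root_domain(address: str) -> str:
    """Naive registrable domain: last two labels (ignores suffixes like co.uk)."""
    host = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def is_trusted_sender(msg: dict) -> bool:
    """Allowlisted root domain AND a DMARC pass; a domain match alone is spoofable."""
    return root_domain(msg["from"]) in TRUSTED_ROOT_DOMAINS and msg["dmarc_pass"]


def is_crypto_giveaway_spam(msg: dict) -> bool:
    """Assumed combination: a lure term plus a brand term, minus trusted senders."""
    text = f'{msg["subject"]}\n{msg["body"]}'
    looks_like_lure = bool(LURE.search(text)) and bool(BRAND.search(text))
    return looks_like_lure and not is_trusted_sender(msg)


def scan(messages: list) -> list:
    """Return the ids of the messages the sketch would flag."""
    return [m["id"] for m in messages if is_crypto_giveaway_spam(m)]


# Constructed sample messages (not real mail).
SAMPLES = [
    {"id": "lure", "from": "promo@rewards-example.net", "dmarc_pass": True,
     "subject": "Claim your free Ethereum airdrop", "body": "Connect your MetaMask wallet."},
    {"id": "legit", "from": "news@binance.com", "dmarc_pass": True,
     "subject": "Binance airdrop schedule", "body": "Claim your tokens in the app."},
    {"id": "spoof", "from": "news@binance.com", "dmarc_pass": False,
     "subject": "Binance airdrop schedule", "body": "Claim your tokens in the app."},
    {"id": "lookalike", "from": "support@binance.com.example.net", "dmarc_pass": True,
     "subject": "Binance airdrop", "body": "Claim your reward today."},
    {"id": "benign", "from": "alice@example.org", "dmarc_pass": True,
     "subject": "Ethereum price update", "body": "Weekly market notes."},
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The "spoof" and "lookalike" samples show why the exclusion needs both conditions: a trusted From domain without a DMARC pass, or a trusted name used as a subdomain label of another domain, is still flagged.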