
Summary
This rule detects phishing attempts that impersonate AliExpress communications. It analyzes the content of inbound messages, looking in particular for footer text associated with AliExpress and for the brand's social media links. It combines content and header analysis to confirm that the sender is not legitimately associated with AliExpress or Alibaba, using criteria such as DMARC authentication and the absence of known sender root domains such as 'aliexpress.com' or 'alibaba.com'. An alert fires when the message body contains the identified footer strings and at least four of the listed social media links. The rule also requires that the message did not originate from the parent organization's own mail server, which keeps mail relayed through trusted sources from being flagged. Together these checks identify likely brand impersonation attacks while limiting false positives on legitimate brand mail.
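The following is an added illustration of the detection logic the summary describes, written here for this page and not the rule's own code. The real rule's footer strings and social media link list are not given on the page, so the `FOOTER_STRINGS` and `SOCIAL_LINKS` values below are constructed placeholders, the organization domain `corp.example` is assumed, and the sample messages are constructed inline. The brand root domains 'aliexpress.com' and 'alibaba.com' and the four-link threshold come from the summary.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Placeholder indicator lists (constructed; the page does not give the real values).
FOOTER_STRINGS = [
    "you are receiving this email because you signed up on aliexpress",
    "aliexpress.com all rights reserved",
]
SOCIAL_LINKS = [
    "https://www.facebook.com/aliexpress-placeholder",
    "https://twitter.com/aliexpress-placeholder",
    "https://www.instagram.com/aliexpress-placeholder",
    "https://www.youtube.com/aliexpress-placeholder",
    "https://www.pinterest.com/aliexpress-placeholder",
]
MIN_SOCIAL_LINKS = 4                                  # threshold stated in the summary
BRAND_ROOT_DOMAINS = {"aliexpress.com", "alibaba.com"}  # legitimate sender root domains
ORG_ROOT_DOMAIN = "corp.example"                      # assumed: the recipient organization


def root_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); sufficient for the sample domains used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_root_domain(msg) -> str:
    """Root domain of the RFC 5322 From address, or '' if none is present."""
    _, addr = parseaddr(msg.get("From", ""))
    return root_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def dmarc_result(msg) -> str:
    """Read dmarc=<result> from Authentication-Results; 'none' when no verdict exists."""
    for header in msg.get_all("Authentication-Results", []):
        match = re.search(r"\bdmarc=(\w+)", header, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "none"


def message_text(msg) -> str:
    """Lower-cased text of the preferred body part (plain text first, then HTML)."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body.get_content().lower() if body is not None else ""


def evaluate(raw_message: str) -> dict:
    """Apply the rule's conditions to one raw RFC 5322 message and explain the verdict."""
    msg = message_from_string(raw_message, policy=policy.default)
    text = message_text(msg)
    footer_hit = any(s in text for s in FOOTER_STRINGS)
    link_hits = sum(1 for link in SOCIAL_LINKS if link.lower() in text)
    sender_root = sender_root_domain(msg)
    dmarc = dmarc_result(msg)
    # Legitimate brand mail: sender root domain is the brand's AND DMARC passes.
    legit_brand = sender_root in BRAND_ROOT_DOMAINS and dmarc == "pass"
    # Mail from the organization's own mail server is excluded as well.
    from_own_org = sender_root == ORG_ROOT_DOMAIN
    triggered = (footer_hit and link_hits >= MIN_SOCIAL_LINKS
                 and not legit_brand and not from_own_org)
    return {"triggered": triggered, "footer_hit": footer_hit, "link_hits": link_hits,
            "sender_root": sender_root, "dmarc": dmarc}


def build_message(from_addr: str, auth_results: str, body: str) -> str:
    """Assemble a minimal constructed RFC 5322 message for the samples below."""
    return (f"From: {from_addr}\n"
            f"To: user@{ORG_ROOT_DOMAIN}\n"
            f"Authentication-Results: mx.{ORG_ROOT_DOMAIN}; {auth_results}\n"
            "Subject: Your AliExpress order\n"
            "Content-Type: text/plain; charset=utf-8\n\n" + body)


# Constructed sample messages: a lookalike-domain spoof (note it passes DMARC for its
# own domain), genuine brand mail, a spoof with too few links, and internal mail.
BRAND_FOOTER = FOOTER_STRINGS[0] + "\n" + "\n".join(SOCIAL_LINKS[:4])
SAMPLES = {
    "spoof": build_message("AliExpress <orders@aliexpress-rewards.example>",
                           "dmarc=pass header.from=aliexpress-rewards.example",
                           "Your order has shipped.\n" + BRAND_FOOTER),
    "legit": build_message("AliExpress <noreply@notice.aliexpress.com>",
                           "dmarc=pass header.from=aliexpress.com",
                           "Your order has shipped.\n" + BRAND_FOOTER),
    "spoof_few_links": build_message("AliExpress <orders@aliexpress-rewards.example>",
                                     "dmarc=fail header.from=aliexpress-rewards.example",
                                     FOOTER_STRINGS[0] + "\n" + "\n".join(SOCIAL_LINKS[:2])),
    "internal": build_message(f"IT Helpdesk <helpdesk@{ORG_ROOT_DOMAIN}>",
                              f"dmarc=pass header.from={ORG_ROOT_DOMAIN}",
                              "Forwarded for review:\n" + BRAND_FOOTER),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

The sender check here reads only the From address; a production rule would normally pair it with the authenticated identifier (the `header.from` value in Authentication-Results or the DKIM signing domain) so that a display-name or header forgery cannot satisfy the brand-domain exclusion.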
Categories
- Identity Management
- Endpoint
- Cloud
- Web
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2025-04-29