
Summary
This detection rule identifies spam messages that falsely claim to provide an attendee list from specific events. The messages often include details such as the number of contacts, demographic information, or sample contacts, and generally offer to send pricing information on request. The rule uses several regex patterns to analyze message content, matching patterns indicative of this spam while filtering out legitimate requests and communications. In particular, it assesses the text length, counts the links present, and checks for key phrases related to attendee lists or databases, giving broad coverage without misclassifying genuine messages. By placing conditions on both the content of the message and previous email threads, it sharpens detection of this specific type of spam, with the aim of improving user experience and reducing irrelevant or harmful correspondence.
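The checks described above can be sketched in Python as an added illustration; this is not the rule's own logic. The thresholds, phrase lists, benign-wording filter and the `evaluate` function are all assumptions, and the sample messages are constructed.

```python
import re

# All thresholds and phrase lists below are assumed for illustration.
MAX_CHARS = 1500      # solicitations are short pitches
MAX_LINKS = 1         # they ask for a reply rather than a click
LIST_RE = re.compile(
    r"\b(attendees?|visitors?|participants?|registrants?)\W+(?:e-?mail\W+)?"
    r"(list|database|contacts)\b", re.I)
OFFER_RE = re.compile(
    r"\b(pricing|counts?|samples?)\b|\b\d[\d,]{2,}\s+(?:contacts|attendees|records)\b", re.I)
BENIGN_RE = re.compile(r"\b(your registration|your ticket|you are registered)\b", re.I)
LINK_RE = re.compile(r"https?://\S+", re.I)

def evaluate(current, previous=""):
    """Return (is_spam, reasons) for the newest message and any quoted thread."""
    # Length, link count and benign wording are judged on the newest message only.
    if len(current) > MAX_CHARS:
        return False, ["current thread too long"]
    if len(LINK_RE.findall(current)) > MAX_LINKS:
        return False, ["too many links"]
    if BENIGN_RE.search(current):
        return False, ["organiser wording present"]
    reasons = []
    # The list offer may sit in the newest message or in the quoted earlier thread.
    for name, text in (("current", current), ("previous", previous)):
        if LIST_RE.search(text) and OFFER_RE.search(text):
            reasons.append(f"list offer in {name} thread")
    return bool(reasons), reasons

SAMPLES = {  # constructed messages
    "pitch": "Hi, would you be interested in the ExampleCon 2024 attendee list? "
             "It has 12,500 contacts. Reply and I will send pricing and counts.",
    "followup": "Just checking whether you saw my earlier note.",
    "organiser": "Your registration is confirmed. The attendee list for your "
                 "session is in the portal: https://events.example/portal",
    "newsletter": "Weekly digest " + "https://news.example/a " * 5,
}
PITCH_QUOTED = "> " + SAMPLES["pitch"]

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        prev = PITCH_QUOTED if name == "followup" else ""
        print(name, evaluate(body, prev))
```

The follow-up sample is flagged only through the quoted thread, which is why the previous-thread condition matters for short "did you see my note" messages.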
Categories
- Endpoint
- Cloud
- Web
Data Sources
- User Account
- Application Log
Created: 2024-05-02