
Spam: Item Giveaway Spam Template

Sublime Rules

Summary
This detection rule identifies spam that impersonates popular brands using HTML templates commonly associated with item giveaway promotions or surveys. The rule's logic starts with inbound messages and requires that either the sender is not in the recipient's solicited-sender list or the sender's email address is empty, which raises the chance of catching unsolicited mail. It then checks sender trustworthiness by comparing the sender's root domain against a list of high-trust domains: if the domain is absent from that list, or is on the list but the message fails DMARC authentication, evaluation continues. The message body is then scrutinized with regular expressions targeting HTML patterns typical of these spam messages, in particular links and images, which characterize marketing scams that rely on enticing visuals rather than text to lure users. The detection methods employed by this rule are content analysis, HTML analysis, sender analysis, and Exif analysis, giving a comprehensive approach to spam that uses images as its primary content.
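The following is an added example, not the Sublime rule itself, that models the decision flow described above in Python so it can be exercised against constructed messages. The high-trust domain list, the sample messages and the giveaway-template regex are all assumptions for illustration; the page does not show the rule's actual regular expressions or list contents.

```python
import re
from dataclasses import dataclass

# Assumption: stand-in for the rule's high-trust sender root domain list.
HIGH_TRUST_ROOT_DOMAINS = {"amazon.com", "walmart.com", "costco.com"}

# Assumption: a constructed pattern for the giveaway template, a link that
# wraps a single hero image with no surrounding text. The real rule's regexes
# are not shown on the page.
GIVEAWAY_TEMPLATE_RE = re.compile(
    r'<a\s+[^>]*href="https?://[^"]+"[^>]*>\s*'
    r'<img\s+[^>]*src="https?://[^"]+"[^>]*>\s*</a>',
    re.IGNORECASE | re.DOTALL,
)


@dataclass
class Message:
    direction: str     # "inbound" or "outbound"
    sender_email: str  # may be empty for malformed/blank From headers
    dmarc_pass: bool   # result of DMARC authentication for this message
    solicited: bool    # recipient has previously corresponded with this sender
    html: str          # HTML body of the message


def root_domain(email: str) -> str:
    """Naive registrable root of the address domain (last two labels)."""
    if "@" not in email:
        return ""
    labels = email.rsplit("@", 1)[1].lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def is_giveaway_spam(msg: Message) -> bool:
    """Mirror of the rule's gating order: direction, solicitation, trust, template."""
    if msg.direction != "inbound":
        return False
    # Continue only if unsolicited OR the sender address is empty.
    if msg.solicited and msg.sender_email != "":
        return False
    # A high-trust brand domain is exempt only when DMARC actually passes;
    # a trusted domain that fails DMARC is exactly the impersonation case.
    if root_domain(msg.sender_email) in HIGH_TRUST_ROOT_DOMAINS and msg.dmarc_pass:
        return False
    # Finally, look for the image-only giveaway template in the body.
    return GIVEAWAY_TEMPLATE_RE.search(msg.html) is not None


# Constructed sample body: a single tracked image link and no real text.
GIVEAWAY_HTML = (
    '<html><body>'
    '<a href="https://claim.example.invalid/reward?id=123">'
    '<img src="https://claim.example.invalid/hero.png" width="600">'
    '</a></body></html>'
)
PLAIN_HTML = "<html><body><p>Your order shipped.</p></body></html>"


def run_samples() -> dict:
    """Evaluate constructed messages and return name -> verdict."""
    samples = {
        "spoofed_brand_lookalike": Message("inbound", "rewards@amaz0n-giveaway.invalid", False, False, GIVEAWAY_HTML),
        "trusted_brand_dmarc_pass": Message("inbound", "promo@amazon.com", True, False, GIVEAWAY_HTML),
        "trusted_brand_dmarc_fail": Message("inbound", "promo@amazon.com", False, False, GIVEAWAY_HTML),
        "empty_sender_address": Message("inbound", "", False, True, GIVEAWAY_HTML),
        "solicited_sender": Message("inbound", "news@shop.invalid", True, True, GIVEAWAY_HTML),
        "outbound_message": Message("outbound", "me@corp.invalid", True, False, GIVEAWAY_HTML),
        "plain_text_body": Message("inbound", "rewards@shop.invalid", False, False, PLAIN_HTML),
    }
    return {name: is_giveaway_spam(m) for name, m in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:28s} -> {'SPAM' if verdict else 'pass'}")
```

The ordering matters for both cost and correctness: the cheap header checks (direction, solicitation, trust plus DMARC) run before the regex over the body, and a trusted brand only escapes the template check when DMARC confirms the mail really came from it.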
Categories
  • Web
  • Endpoint
  • Cloud
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2025-01-02