Link: Jensi File Preview Link from Unsolicited Sender

Sublime Rules

Summary
The detection rule identifies messages that contain links to the domain 'app.jensi.io' and come from unsolicited senders. Jensi is a service that lets users upload and preview files directly in a browser; threat actors have abused it to host phishing pages that lead to credential theft. The rule inspects the message for at least one link to that domain whose path begins with '/public/preview/file/', which indicates a document preview. It then checks the sender: the message must come from a sender the recipient has not previously solicited, or from a sender profile with known malicious or spam messages and no documented false positives. A safety check for high-trust sender domains prevents legitimate communications from being flagged; messages from such domains stay in scope only when they failed DMARC validation. The overall goal is to catch callback phishing delivered through unrequested communications that abuse this service.
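The following is an added Python illustration of the logic the summary describes, written for this page; it is not Sublime's rule source. It assumes each message arrives already enriched with a sender-profile label, a flag for documented false positives, and a DMARC result (all hypothetical inputs), and the high-trust domain allowlist and sample messages are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Indicators taken from the rule summary above.
JENSI_DOMAIN = "app.jensi.io"
PREVIEW_PATH_PREFIX = "/public/preview/file/"

# Constructed allowlist of high-trust sender domains (hypothetical values).
HIGH_TRUST_DOMAINS = {"trusted-vendor.example", "partner-bank.example"}


@dataclass
class Message:
    """Minimal enriched-message model; every field is an assumed input."""
    sender_domain: str
    links: List[str]
    sender_profile: str            # "solicited", "unsolicited", "malicious", "spam"
    documented_false_positives: bool
    dmarc_pass: Optional[bool]     # None when no DMARC result is available


def is_jensi_preview_link(url: str) -> bool:
    """True when the URL points at a Jensi public file preview."""
    parsed = urlparse(url)
    # urlparse lowercases the hostname, so mixed-case hosts still match.
    return parsed.hostname == JENSI_DOMAIN and parsed.path.startswith(PREVIEW_PATH_PREFIX)


def sender_is_suspect(msg: Message) -> bool:
    """Unsolicited sender, or a malicious/spam profile without documented FPs."""
    if msg.sender_profile == "unsolicited":
        return True
    return msg.sender_profile in {"malicious", "spam"} and not msg.documented_false_positives


def matches_rule(msg: Message) -> bool:
    """Reproduce the summary's three checks: link, sender, high-trust safety."""
    if not any(is_jensi_preview_link(u) for u in msg.links):
        return False
    if not sender_is_suspect(msg):
        return False
    # High-trust domains are excluded unless DMARC explicitly failed.
    if msg.sender_domain in HIGH_TRUST_DOMAINS and msg.dmarc_pass is not False:
        return False
    return True


# Constructed sample messages covering the cases the summary calls out.
SAMPLES = {
    "unsolicited_preview": Message(
        "random-sender.example",
        ["https://app.jensi.io/public/preview/file/abc123"],
        "unsolicited", False, True),
    "solicited_preview": Message(
        "known-contact.example",
        ["https://app.jensi.io/public/preview/file/abc123"],
        "solicited", False, True),
    "high_trust_dmarc_pass": Message(
        "trusted-vendor.example",
        ["https://app.jensi.io/public/preview/file/def456"],
        "unsolicited", False, True),
    "high_trust_dmarc_fail": Message(
        "trusted-vendor.example",
        ["https://app.jensi.io/public/preview/file/def456"],
        "unsolicited", False, False),
    "jensi_non_preview_path": Message(
        "random-sender.example",
        ["https://app.jensi.io/login"],
        "unsolicited", False, True),
    "spam_profile_with_fps": Message(
        "bulk-mailer.example",
        ["https://app.jensi.io/public/preview/file/ghi789"],
        "spam", True, True),
    "malicious_profile_no_fps": Message(
        "bulk-mailer.example",
        ["https://app.jensi.io/public/preview/file/ghi789"],
        "malicious", False, True),
}


def evaluate_samples() -> dict:
    """Return the rule verdict for each constructed sample."""
    return {name: matches_rule(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name}: {'FLAG' if verdict else 'pass'}")
```

The DMARC check treats a missing result (`None`) the same as a pass for high-trust domains, so only an explicit failure re-opens the message for flagging; if your mail pipeline records DMARC differently, adjust that comparison.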
Categories
  • Web
  • Network
  • Identity Management
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
  • Malware Repository
Created: 2024-10-02