Spam: Sendersrv.com with financial communications and unsubscribe language

Detects messages from sendersrv.com infrastructure containing unsubscribe language and financial communication topics, indicating potential abuse of the bulk email service for unauthorized financial solicitations.

Sublime rule

name: "Spam: Sendersrv.com with financial communications and unsubscribe language"
description: "Detects messages from sendersrv.com infrastructure containing unsubscribe language and financial communication topics, indicating potential abuse of the bulk email service for unauthorized financial solicitations."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(headers.domains, .root_domain == "sendersrv.com")
  and strings.icontains(body.current_thread.text, 'unsubscribe')
  and any(ml.nlu_classifier(body.current_thread.text).topics,
          .name == "Financial Communications" and .confidence != "low"
  )
attack_types:
  - "Spam"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Content analysis"
  - "Natural Language Understanding"
  - "Sender analysis"
id: "69570820-4be0-500f-b5df-7ecf0a4ea9a4"
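The rule's three conditions re-implemented in plain Python and run over a constructed message, as an added illustration that is not part of the Sublime rule or its repository. The NLU topic output that ml.nlu_classifier would produce is passed in as a constructed list, and root-domain extraction is approximated by the last two labels (no public-suffix list), both of which are assumptions for this example.

```python
import email
import re
from email import policy

# Constructed sample message (not from the page): the bounce and relay
# hostnames sit under sendersrv.com, the From address does not.
SAMPLE_MSG = """Return-Path: <bounce@mail.sendersrv.com>
Received: from mta1.mail.sendersrv.com (mta1.mail.sendersrv.com [192.0.2.10])
From: "Accounts Team" <billing@example.net>
Subject: Outstanding invoice
Content-Type: text/plain

Your wire transfer is pending. Reply with account details.
To stop receiving these, click Unsubscribe.
"""

HOST_RE = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.I)


def root_domain(host):
    # Assumption: last two labels approximate MQL's .root_domain.
    parts = host.lower().rstrip('.').split('.')
    return '.'.join(parts[-2:])


def header_domains(msg):
    # Hostnames found in any header, mirroring headers.domains.
    found = set()
    for _, value in msg.items():
        found.update(m.lower() for m in HOST_RE.findall(str(value)))
    return found


def matches_rule(raw, topics, inbound=True):
    # topics: constructed stand-in for ml.nlu_classifier(...).topics,
    # a list of {"name": ..., "confidence": ...} dicts.
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=('plain',)).get_content()
    via_sendersrv = any(root_domain(h) == 'sendersrv.com'
                        for h in header_domains(msg))
    has_unsubscribe = 'unsubscribe' in body.lower()      # strings.icontains
    financial = any(t['name'] == 'Financial Communications'
                    and t['confidence'] != 'low' for t in topics)
    return inbound and via_sendersrv and has_unsubscribe and financial
```

Because the domain check covers every header rather than just From, the rule still fires when the visible sender is a third-party domain but the bounce path or relay is sendersrv.com.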