type.inbound
// Looking for Punchbowl phrasing in all body threads
and (
strings.icontains(body.current_thread.text, "punchbowl")
// Look for alt text in HTML for standardized Punchbowl formatting if string is not avail.
or strings.icontains(body.html.raw, 'alt="Punchbowl"')
)
// Phrasing is typically "You're invited"
and (strings.icontains(body.current_thread.text, "you're invited"))
// Legitimate sender will be from punchbowl, negating known non-associated domains.
and not sender.email.domain.root_domain in ("punchbowl.com", "punchbowl.news")
// Capping length to limit FP's
and length(body.current_thread.text) < 1500
Playground
Test against your own EMLs or sample data.