type.inbound
and 0 < length(body.current_thread.links) < 10
and any(body.current_thread.links,
.visible
// no ability to loop query_params_decoded, so create the non-decoded equivlent
and not strings.icontains(.href_url.url, 'unsubscribe')
and not strings.icontains(.display_text, 'unsubscribe')
and any(regex.extract(.href_url.query_params,
'[?&](?P<name>[^=&]+)(?:=(?P<value>[^&]*))?'
),
// filter down to query params that start with a url
regex.contains(.named_groups['value'],
'^(?:https?(?:%253[Aa]|%3[Aa]|:))?(?:%252[Ff]|%2[Ff]|/)(?:%252[Ff]|%2[Ff]|/)'
)
// the number of unique domains in the URL query param is greater or equal to three
and length(distinct(map(filter(regex.iextract(.named_groups['value'],
'(?:https?(?:%253[Aa]|%3[Aa]|:))?(?:%252[Ff]|%2[Ff]|/)(?:%252[Ff]|%2[Ff]|/)(?P<domain>[^/\s&%]+)'
),
// sometimes URLs have // and produce entries we want to skip
// so ensure it's a valid domain first
strings.parse_domain(.named_groups['domain']
).error is null
and strings.parse_domain(.named_groups['domain']
).valid
// remove domain that are the same as the sender root domain
and strings.parse_domain(.named_groups['domain']
).root_domain != sender.email.domain.root_domain
),
// return just the root domian
strings.parse_domain(.named_groups['domain']
).root_domain
),
.
)
) >= 3
// there are three or more total URLs in that query param
and regex.count(.named_groups['value'],
'(?:https?(?:%253[Aa]|%3[Aa]|:))?(?:%252[Ff]|%2[Ff]|/)(?:%252[Ff]|%2[Ff]|/)'
) >= 3
)
)
Playground
Test against your own EMLs or sample data.