Low Severity

Spam: Sexually Explicit Looker Studio Report

Description

Detects suspicious Looker Studio Reports which containing inappropriate content or suspicious patterns. The rule looks for reports from non-organizational domains that contain emojis or explicit keywords within the report.

References

No references.

Sublime Security
Created Jan 15th, 2025 • Last updated May 29th, 2025
Source
type.inbound
// 
//  Warning: This rule contains sexually explicit keywords
// 
and sender.email.email == "looker-studio-noreply@google.com"
// the invite is not from an $org_domain user
and all(headers.reply_to,
        .email.domain.domain not in $org_domains
        and .email.email not in $recipient_emails
        and .email.email not in $sender_emails
)
// the subject or the body contain sexually explicit keywords
and any([subject.subject, body.current_thread.text],
        // this regex should be kept in sync between the Google Group, Google Drive Share, and Looker Studio rules
        regex.icontains(.,
                        '(?:sex|horny|cock|fuck|\bass\b|pussy|dick|tits|cum|girlfriend|boyfriend|naked|porn|video|webcam|masturbate|orgasm|breasts|penis|vagina|strip|suck|blowjob|hardcore|xxx|nudes?|sexting|cheating|affair|erotic|\blust\b|desire|intimate|explicit|fetish|kinky|seduce|adult\s*(?:\w+\s+){0,2}\s*community|cam shows|local (?:girls?|women|single)|hook.?up|bed partner)'
        )
)
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.