Body: Yellow highlighted text markers

Sublime Rules

Summary
Detects inbound messages containing two or more HTML span elements with data-markjs="true" and inline style background-color: rgb(255, 241, 0). This pattern signals potential evasion through visual markup manipulation using Mark.js highlighting. The rule triggers when the count of such spans in body.html.raw is >= 2, indicating a deliberate attempt to obscure or highlight content for phishing/BEC campaigns. While low severity, this rule helps flag suspicious emails that employ visual deception tactics and warrants further inspection of the links or instructions within the highlighted segments.
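The counting logic described above, re-implemented in Python as an added example for offline triage of a saved HTML body; it is not the rule's own source. The names MarkJsSpanCounter and analyze, the sample bodies, and the tolerance for attribute order and whitespace are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# background-color: rgb(255, 241, 0), tolerant of whitespace (assumption of this example)
_YELLOW = re.compile(r"background-color\s*:\s*rgb\(\s*255\s*,\s*241\s*,\s*0\s*\)", re.I)

class MarkJsSpanCounter(HTMLParser):
    """Counts <span data-markjs="true"> elements carrying the yellow inline style."""
    def __init__(self):
        super().__init__()
        self.count = 0
        self.highlighted = []  # text inside each matching span, for analyst review
        self._stack = []       # one bool per open <span>: did it match?

    def handle_starttag(self, tag, attrs):
        if tag != "span":
            return
        a = dict(attrs)  # HTMLParser lowercases attribute names
        hit = ((a.get("data-markjs") or "").strip().lower() == "true"
               and bool(_YELLOW.search(a.get("style") or "")))
        self._stack.append(hit)
        if hit:
            self.count += 1
            self.highlighted.append("")

    def handle_endtag(self, tag):
        if tag == "span" and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        if any(self._stack):
            self.highlighted[-1] += data

def analyze(raw_html, threshold=2):
    """Apply the rule's >= 2 threshold and return the highlighted segments."""
    p = MarkJsSpanCounter()
    p.feed(raw_html)
    p.close()
    return {"count": p.count, "flagged": p.count >= threshold,
            "highlighted": [t.strip() for t in p.highlighted]}

# Constructed sample bodies (not taken from real messages)
SAMPLE_FLAGGED = ('<p>Please <span data-markjs="true" style="background-color: rgb(255, 241, 0);">'
                  'review the invoice</span> and <span style="background-color:rgb(255,241,0)" '
                  'data-markjs="true">confirm payment</span> today.</p>')
SAMPLE_BELOW = ('<p><span data-markjs="true" style="background-color: rgb(255, 241, 0);">note</span> '
                '<span style="background-color: rgb(255, 241, 0);">plain yellow</span></p>')

if __name__ == "__main__":
    print(analyze(SAMPLE_FLAGGED))
    print(analyze(SAMPLE_BELOW))
```

The highlighted list gives the analyst the exact segments to inspect for links or instructions.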
Categories
  • Web
Data Sources
  • Network Traffic
Created: 2026-06-17