Link: Suspicious URL with recipient targeting and special characters

Sublime Rules

Summary
This detection rule identifies potentially malicious email messages containing links whose path includes special characters. It specifically looks for links that embed the recipient's email address, either in the URL path or in the fragment, and possibly base64-encoded. The message must have exactly one recipient, and that recipient's email domain must be valid. The rule checks the link path for the special characters '!' and '@', requires a simple path with specific patterns, and then looks for the recipient's email address either directly or inside base64-encoded segments. Rated high severity, the rule targets phishing attempts that rely on social engineering and use straightforward URL structures that can evade detection.
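The checks described above, reimplemented in Python as an added illustration (this is not the Sublime rule itself, whose exact path patterns are not reproduced here). The function names, the "at most three path segments" definition of a simple path, the recipient-domain regex and the sample links are all assumptions made for the example.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

def _b64_contains(segment: str, needle: str) -> bool:
    """True if segment is base64 (standard or URL-safe) and decodes to text containing needle."""
    if len(segment) < 8 or not re.fullmatch(r"[A-Za-z0-9+/_-]+", segment):
        return False
    padded = segment + "=" * (-len(segment) % 4)  # tolerate stripped padding
    for decode in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            text = decode(padded).decode("utf-8", errors="ignore")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if needle in text.lower():
            return True
    return False

def is_suspicious_link(url: str, recipients: list[str]) -> bool:
    """Apply the summary's criteria to one link and the message's recipient list (hypothetical helper)."""
    if len(recipients) != 1:  # the rule requires exactly one recipient
        return False
    recipient = recipients[0].strip().lower()
    local, sep, domain = recipient.rpartition("@")
    if not (local and sep and re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", domain)):
        return False  # recipient domain must look valid (assumed shape)
    parts = urlsplit(url)
    path, fragment = unquote(parts.path), unquote(parts.fragment)
    if not set("!@") & set(path):  # '!' or '@' must appear in the path
        return False
    if len([s for s in path.split("/") if s]) > 3:
        return False  # assumption: a "simple path" has at most three segments
    if recipient in path.lower() or recipient in fragment.lower():
        return True  # address embedded in clear text
    # Otherwise look for it inside any base64-looking segment of the path or fragment.
    candidates = re.split(r"[/!@#&=?]", path + "#" + fragment)
    return any(_b64_contains(seg, recipient) for seg in candidates if seg)

def demo() -> dict[str, bool]:
    """Constructed sample links (not real traffic) exercising each branch of the check."""
    rcpt = "victim@example.com"
    enc = base64.urlsafe_b64encode(rcpt.encode()).decode().rstrip("=")
    host = "https://cdn.example.invalid"
    return {
        "plain_email_in_path": is_suspicious_link(f"{host}/verify!{rcpt}", [rcpt]),
        "b64_email_in_fragment": is_suspicious_link(f"{host}/open@r#{enc}", [rcpt]),
        "no_special_chars": is_suspicious_link(f"{host}/{enc}", [rcpt]),
        "two_recipients": is_suspicious_link(f"{host}/verify!{rcpt}", [rcpt, "other@example.org"]),
        "deep_path": is_suspicious_link(f"{host}/a/b/c/d/verify!{rcpt}", [rcpt]),
    }
```

Only the first two sample links trip the check; the other three show why each gating condition (special character in the path, a single recipient, a short path) keeps benign-looking links out.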
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2026-01-08