Brand impersonation: Adobe Sign with suspicious indicators

Sublime Rules

Summary
This detection rule targets phishing attempts that impersonate Adobe Sign communications. It identifies emails that mimic Adobe branding but are sent from domains that are not verified Adobe domains. The rule analyzes inbound messages, filters out those that include PDF attachments, and checks the HTML content for specific branding markers, such as references to Adobe Acrobat Sign logos. It also inspects previous email threads to determine whether they are legitimate Adobe Sign correspondence by verifying the presence of links from trusted domains associated with Adobe. Finally, it examines headers for authentication integrity, primarily checking DMARC results to confirm the authenticity of the sender's domain. The objective is to detect unauthorized impersonation and email fraud, especially social engineering that leverages brand recognition.
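The checks described in the summary, sketched in Python as an added example (this is not the rule's own source). The domain list, the branding marker strings, the use of In-Reply-To/References to recognise a thread, and the `sample` helper are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch; the rule's real lists are not shown on the page.
ADOBE_DOMAINS = {"adobe.com", "adobesign.com", "echosign.com"}
BRAND_MARKERS = ("adobe acrobat sign", "adobe sign")

def is_adobe(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)

def dmarc_pass(msg):
    results = " ".join(msg.get_all("Authentication-Results", []))
    return re.search(r"\bdmarc=pass\b", results, re.I) is not None

def evaluate(raw):
    """Return True when the message looks like Adobe Sign impersonation."""
    msg = message_from_string(raw)
    html, has_pdf = "", False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf" or (part.get_filename() or "").lower().endswith(".pdf"):
            has_pdf = True
        elif ctype == "text/html":
            charset = part.get_content_charset() or "utf-8"
            html += (part.get_payload(decode=True) or b"").decode(charset, "replace")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    branded = any(marker in html.lower() for marker in BRAND_MARKERS)
    hosts = re.findall(r'href=["\']https?://([^/"\':?#]+)', html, re.I)
    # Simplification: a reply or forward that carries Adobe links is treated as a real thread.
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    legit_thread = in_thread and any(is_adobe(h) for h in hosts)
    trusted_sender = is_adobe(sender_domain) and dmarc_pass(msg)
    return branded and not has_pdf and not legit_thread and not trusted_sender

def sample(sender, dmarc, link):
    """Build a constructed test message (not real mail)."""
    return (f"From: Adobe Sign <{sender}>\n"
            f"Authentication-Results: mx.example; dmarc={dmarc}\n"
            "Content-Type: text/html; charset=utf-8\n\n"
            f'<img alt="Adobe Acrobat Sign logo"><a href="{link}">Review and sign</a>')
```

A sender on an Adobe domain is only trusted here when DMARC also passes, so a spoofed From header with a failing DMARC result is still flagged.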
Categories
  • Identity Management
  • Network
  • Web
Data Sources
  • User Account
  • Application Log
  • Network Traffic
  • Process
Created: 2025-12-12