
Link: Romance/Sexual Language With Suspicious Link

Sublime Rules

Summary
This detection rule identifies messages that contain romantic or sexually explicit language, particularly when that language is coupled with links to new or suspicious domains. It uses natural language understanding (NLU) to classify the topics of the current thread and checks whether the associated links point to newly registered domains or whether the message carries a dubious reply-to address. Each included link is analyzed against several criteria: domain freshness (registered less than 30 days ago), use of a URL shortener, and comparison against the sender's domain. Requiring that flagged links differ from the sender's own domain reduces matches on legitimate communication. This is a proactive measure against spam and social engineering tactics that exploit romantic themes to lure recipients into clicking on potentially malicious links.
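The combination of checks described above, modelled in Python as an added example (this is not the rule's own source): the NLU topic labels are assumed to arrive from an upstream classifier, the registration dates and shortener list are constructed placeholders standing in for a domain-age feed, and all domains and addresses are made up.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
from urllib.parse import urlparse

# Constructed placeholders standing in for a registration-date feed and a shortener list.
REGISTRATION_DATES = {"meet-me-tonite.example": date(2025, 8, 10)}
URL_SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
ROMANCE_TOPICS = {"romance", "sexual"}
TODAY = date(2025, 8, 23)  # constructed evaluation date


@dataclass
class Message:
    sender: str
    reply_to: Optional[str]
    links: list
    topics: set  # topic labels assumed to come from an upstream NLU classifier


def registrable_domain(host: str) -> str:
    # Assumption: the last two labels approximate the registrable domain
    # (production code would consult the public suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_domain(url: str) -> str:
    return registrable_domain(urlparse(url).hostname or "")


def mail_domain(address: str) -> str:
    return registrable_domain(address.rsplit("@", 1)[-1])


def suspicious_link_reasons(msg: Message, today: date) -> list:
    sender_domain = mail_domain(msg.sender)
    reasons = []
    for url in msg.links:
        host = link_domain(url)
        if host == sender_domain:
            continue  # links back to the sender's own domain are not flagged
        registered = REGISTRATION_DATES.get(host)
        if registered and (today - registered).days < 30:  # "fresh" domain threshold
            reasons.append(f"{host}: registered {(today - registered).days} days ago")
        if host in URL_SHORTENERS:
            reasons.append(f"{host}: URL shortener")
    if msg.reply_to and mail_domain(msg.reply_to) != sender_domain:
        reasons.append(f"reply-to {msg.reply_to} does not match sender domain")
    return reasons


def matches_rule(msg: Message, today: date) -> bool:
    # Fire only when a romance/sexual topic is present AND a link check trips.
    return bool(msg.topics & ROMANCE_TOPICS) and bool(suspicious_link_reasons(msg, today))


SAMPLE = Message("dating@trusted-mail.example", None,
                 ["https://meet-me-tonite.example/chat"], {"romance"})
```

`matches_rule(SAMPLE, TODAY)` returns True because the link's domain was registered 13 days before the evaluation date and differs from the sender's domain.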
Categories
  • Web
  • Cloud
  • Endpoint
Data Sources
  • User Account
  • Process
  • Network Traffic
  • Application Log
  • File
Created: 2025-08-23