
Summary
This detection rule identifies potential spam messages sent through Salesforce Marketing Cloud that employ a deceptive tactic involving personalized subject lines and greetings. Specifically, it checks for messages that simulate a previous email thread by verifying that both the current and prior messages begin with similar greeting patterns extracted from the subject line. The rule activates when it detects messages originating from the Salesforce Marketing Cloud infrastructure, indicated by specific domains and headers. Furthermore, it analyzes the body of the email to ensure only one previous thread is present and examines the greetings used in both the current and previous email threads to determine if they match the expected personalized format. This method serves as a check against social engineering attempts that utilize personalization to bypass spam filters.
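The body and subject checks described above, sketched as an added Python example; it is not the rule's own source. The greeting and quote-marker patterns are assumptions, and the sender-infrastructure result is passed in as a flag because the page does not list the domains and headers.

```python
import re

# Assumed patterns: the page does not give the rule's actual expressions.
GREETING = re.compile(r"^\s*(hi|hello|hey|dear)\s+([A-Za-z]+)", re.I)
REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fwd?)\s*:\s*)+", re.I)
# A line that introduces a quoted earlier message.
QUOTE_MARKER = re.compile(
    r"^[ \t]*(?:On .+ wrote:|-+ ?Original Message ?-+)[ \t]*$", re.I | re.M)

def greeting_of(line):
    """Return (salutation, name) in lowercase, or None if no greeting."""
    m = GREETING.match(line)
    return (m.group(1).lower(), m.group(2).lower()) if m else None

def first_greeting(text):
    """Greeting on the first non-blank line, ignoring '>' quote marks."""
    for line in text.splitlines():
        line = line.lstrip("> \t")
        if line:
            return greeting_of(line)
    return None

def is_fake_thread(subject, body, from_marketing_cloud):
    """from_marketing_cloud: result of the sender-infrastructure check,
    passed in because the page does not list the domains and headers."""
    if not from_marketing_cloud:
        return False
    expected = greeting_of(REPLY_PREFIX.sub("", subject))
    if expected is None:
        return False
    parts = QUOTE_MARKER.split(body)
    if len(parts) != 2:          # exactly one previous thread
        return False
    current, previous = parts
    return first_greeting(current) == expected == first_greeting(previous)

# Constructed sample message.
SPAM_SUBJECT = "Re: Hi Dana, quick follow-up"
SPAM_BODY = """Hi Dana,
Bumping this to the top of your inbox.

On Mon, Nov 3, 2025 at 9:14 AM Offers Team wrote:
> Hi Dana,
> Your exclusive reward is waiting.
"""
```

A genuine reply that quotes one earlier message but opens with its own text rather than the subject's greeting does not match, which keeps ordinary threads out of scope.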
Categories
- Cloud
- Web
- Application
- Identity Management
Data Sources
- User Account
- Application Log
- Network Traffic
- Cloud Service
Created: 2025-11-04