New link domain (<=10d) from untrusted sender

Sublime Rules

Summary
This rule flags potentially malicious emails that contain hyperlinks to newly registered domains, specifically those less than 10 days old, and that come from untrusted senders. It combines sender analysis, URL analysis, and whois queries, the last of which supplies the domain's age. The rule's logic checks that the email is inbound and has hyperlinks in its body, then verifies whether any of those links point to a domain younger than 10 days. It also evaluates the sender's profile, checking whether the sender is classified as 'new' or 'outlier', that the email is unsolicited, and that the sender has no prior false positive reports. By correlating newly registered domains with untrusted senders, the rule aims to catch credential phishing and malware delivery, reducing the attack surface by flagging messages that could lead to compromise through risky URLs.
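The detection logic the summary describes, implemented here as an added Python example over constructed message data; it is not the Sublime rule itself, and the `Message` fields, the `WHOIS_CREATED` table and the `new`/`outlier`/`common` prevalence labels are assumptions standing in for the platform's own sender-profile and whois data.

```python
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

MAX_DOMAIN_AGE_DAYS = 10  # threshold from the rule title, "<=10d"

@dataclass
class Message:
    """Constructed stand-in for the message attributes the rule evaluates (not Sublime's schema)."""
    inbound: bool              # direction: the rule only fires on inbound mail
    body_links: list           # hrefs extracted from the message body
    sender_prevalence: str     # assumed labels: "new", "outlier" or "common"
    solicited: bool            # recipient has previously mailed this sender
    any_false_positives: bool  # sender was previously flagged and cleared by an analyst

# Constructed whois table: host -> registration date (None = lookup returned nothing)
WHOIS_CREATED = {
    "example.com": date(1995, 8, 14),
    "fresh-login-portal.example": date(2023, 2, 15),
    "unknown.example": None,
}

def domain_age_days(host, today):
    """Days since registration, or None when no creation date is known."""
    created = WHOIS_CREATED.get(host)
    return None if created is None else (today - created).days

def untrusted_sender(msg):
    """Sender profile is 'new' or 'outlier', unsolicited, and never cleared as a false positive."""
    return (msg.sender_prevalence in ("new", "outlier")
            and not msg.solicited
            and not msg.any_false_positives)

def young_link_domains(msg, today):
    """Link hosts registered within the threshold; hosts with unknown age are skipped (assumption)."""
    young = []
    for href in msg.body_links:
        host = urlparse(href).hostname
        age = domain_age_days(host, today) if host else None
        if age is not None and 0 <= age <= MAX_DOMAIN_AGE_DAYS:
            young.append(host)
    return young

def rule_matches(msg, today):
    """Top-level rule: inbound, has body links, at least one young link domain, untrusted sender."""
    return (msg.inbound
            and bool(msg.body_links)
            and bool(young_link_domains(msg, today))
            and untrusted_sender(msg))
```

A link whose whois lookup returns no creation date is deliberately not counted as young, so a failed lookup alone never fires the rule.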
Categories
  • Cloud
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Network Traffic
Created: 2023-02-21