
Service abuse: Sendgrid credential theft with personalized request targeting single recipient
Sublime Rules
Summary
This rule detects likely credential theft attempts delivered as personalized messages through Sendgrid. It targets messages from new sender domains that show signs of phishing. The detection logic verifies that the email is addressed to a single recipient and analyzes the content for language indicative of credential theft with high confidence. The rule also checks that the recipient's email address appears both in the message body and in any links it contains, which suggests personalized targeting. Additionally, it ensures that no auto-generated message disclaimer is present, since such a disclaimer more often indicates a legitimate notification than a phishing attempt. Overall, the rule aims to identify highly personalized email threats that use social engineering to deceive recipients into divulging sensitive information.
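The conditions described above, applied to a constructed message as an added illustration (this is not the Sublime rule's own MQL, and the keyword list and known-domain set are stand-ins for Sublime's credential-theft classifier and sender-domain history):

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import unquote

# Constructed sample (not a real message): single recipient, the recipient address echoed in
# both the body text and the link, from a sender domain not seen before.
SAMPLE_EMAIL = """From: IT Helpdesk <alerts@mail.example-new-domain.test>
To: jane.doe@example.test
Subject: Action required: verify your mailbox password
Content-Type: text/html

<p>Dear jane.doe@example.test, your password expires today.</p>
<a href="https://portal.example-new-domain.test/login?user=jane.doe%40example.test">Verify now</a>
"""

# Assumptions: a keyword list stands in for Sublime's credential-theft NLU classifier,
# and a constructed set stands in for its record of previously seen sender domains.
CREDENTIAL_THEFT_PATTERNS = [r"\bpassword\b", r"\bverify\b", r"\bexpires?\b", r"\blog ?in\b"]
DISCLAIMER_PATTERNS = [r"auto-?generated", r"automatically generated", r"do not reply"]
KNOWN_SENDER_DOMAINS = {"example.test", "sendgrid.net"}
HREF_RE = re.compile(r"""href=["']([^"']+)["']""", re.IGNORECASE)


def evaluate(raw: str) -> dict:
    """Apply the rule's conditions to a raw RFC 822 message; return per-check verdicts."""
    msg = message_from_string(raw)
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if a]
    sender = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    body_lc = body.lower()
    # Decode percent-encoding so "jane.doe%40example.test" inside a query string still matches.
    links = [unquote(u).lower() for u in HREF_RE.findall(body)]
    sender_domain = sender[0].rsplit("@", 1)[-1] if sender else ""
    checks = {
        "single_recipient": len(rcpts) == 1,
        "new_sender_domain": sender_domain not in KNOWN_SENDER_DOMAINS,
        "credential_theft_language": sum(bool(re.search(p, body_lc)) for p in CREDENTIAL_THEFT_PATTERNS) >= 2,
        "recipient_in_body": len(rcpts) == 1 and rcpts[0] in body_lc,
        "recipient_in_link": len(rcpts) == 1 and any(rcpts[0] in u for u in links),
        "no_autogen_disclaimer": not any(re.search(p, body_lc) for p in DISCLAIMER_PATTERNS),
    }
    return {"match": all(checks.values()), "checks": checks}


if __name__ == "__main__":
    print(evaluate(SAMPLE_EMAIL))
```

Adding a second recipient or an auto-generated disclaimer to the sample flips the verdict to no match, which is the false-positive control the summary describes.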
Categories
- Cloud
- Web
- Identity Management
Data Sources
- Service
- Web Credential
Created: 2025-12-05