Brand impersonation: Squarespace

Sublime Rules

Summary
This detection rule identifies potential brand impersonation attacks that target Squarespace. It analyzes the sender's display name and subject line for similarity to legitimate Squarespace indicators. The rule triggers if the sender's display name contains 'squarespace' or closely resembles it, with a Levenshtein distance of less than 2. The detection further checks that the sender's email domain is not one of the approved organizational domains or recognized Squarespace domains (such as squarespace.com, squarespace.info, and shipstation.com), especially if the sender passes DMARC authentication checks. It also includes a safeguard for highly trusted domains: such senders are flagged only if they fail DMARC authentication. This strategy aims to detect phishing attacks that seek to deceive recipients by creating a facade of legitimacy through similar branding.
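The following Python sketch is an added example, not the published rule source: it implements one reading of the summary's display-name, domain and DMARC conditions and runs it over constructed messages. The org-domain and high-trust lists, the naive root-domain helper and all sample senders are assumptions, and the subject-line check is omitted because the summary gives no conditions for it.

```python
def levenshtein(a: str, b: str) -> int:
    """Edit distance by dynamic programming, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

BRAND = "squarespace"
BRAND_DOMAINS = {"squarespace.com", "squarespace.info", "shipstation.com"}  # from the summary
ORG_DOMAINS = {"example.org"}         # assumption: the recipient organization's domains
HIGH_TRUST_DOMAINS = {"example.com"}  # assumption: placeholder high-trust sender list

def root_domain(address: str) -> str:
    """Naive root domain: last two labels (assumption; ignores multi-label suffixes)."""
    return ".".join(address.rsplit("@", 1)[-1].lower().split(".")[-2:])

def flags_impersonation(display_name: str, sender: str, dmarc_pass: bool) -> bool:
    name = display_name.strip().lower()
    if BRAND not in name and levenshtein(name, BRAND) >= 2:
        return False  # display name does not resemble the brand
    root = root_domain(sender)
    if root in ORG_DOMAINS:
        return False  # internal sender
    if root in BRAND_DOMAINS and dmarc_pass:
        return False  # authenticated mail from a recognized brand domain
    if root in HIGH_TRUST_DOMAINS and dmarc_pass:
        return False  # high-trust senders are flagged only on DMARC failure
    return True

# Constructed sample messages: (display name, sender address, DMARC pass)
SAMPLES = [
    ("Squarespace Billing", "billing@sqsp-pay.example", True),
    ("Squarespce", "support@mailer.example.net", True),
    ("Squarespace", "no-reply@squarespace.com", True),
    ("Squarespace", "no-reply@squarespace.com", False),
    ("Squarespace Team", "it@example.org", True),
    ("Squarespace", "news@example.com", True),
    ("Square", "hello@shop.example", True),
]

def evaluate_samples() -> list:
    return [flags_impersonation(*s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, hit in zip(SAMPLES, evaluate_samples()):
        print("FLAG" if hit else "ok  ", sample)
```

The fourth sample shows why the brand-domain exclusion is tied to DMARC: a message claiming squarespace.com that fails authentication is still flagged.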
Categories
  • Identity Management
  • Web
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-09-12