
Summary
This detection rule identifies email senders whose display names consist of long, nonsensical strings, a pattern often associated with phishing or spam. Such display names can be built from procedurally generated characters, which helps them evade traditional email filtering. The rule uses a regular expression to look for sender display names that are at least 35 characters long and composed of word characters and Unicode characters. To minimize false positives, it negates certain trusted domains and domains belonging to the organization, unless the message is flagged for failing DMARC authentication. This focuses the detection on less credible senders while avoiding interference with legitimate sources.
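The logic described above, as an added worked example written for this page rather than the rule's own query: a regular expression approximating the "35 or more word/Unicode characters" condition, an exemption for trusted and organization domains that is dropped when DMARC fails, and a set of constructed sample senders run through both checks. The regex, the `Sender` structure, the allow-lists and the sample data are all assumptions made for the example, not values taken from the rule.

```python
import re
from dataclasses import dataclass

# Assumed approximation of the rule's regex: the display name must be one run of
# 35 or more "word" characters. On str patterns Python's \w is Unicode-aware, so
# non-ASCII letters (Cyrillic, CJK, accented Latin) count as word characters.
LONG_NONSENSE_NAME = re.compile(r"\w{35,}")

# Hypothetical allow-lists standing in for the rule's trusted-domain and
# organization-domain lists (constructed for this example).
TRUSTED_DOMAINS = {"trusted-saas.example"}
ORG_DOMAINS = {"corp.example"}


@dataclass
class Sender:
    display_name: str
    domain: str
    dmarc_failed: bool = False  # True when the message failed DMARC authentication


def has_long_nonsense_name(display_name: str) -> bool:
    """True when the whole display name is a run of 35+ word characters."""
    return LONG_NONSENSE_NAME.fullmatch(display_name.strip()) is not None


def is_exempt_sender(sender: Sender) -> bool:
    """Trusted and organization domains are exempt only while DMARC holds.

    A DMARC failure removes the exemption: the From domain may be spoofed, so
    the domain name alone is no longer evidence of a legitimate sender.
    """
    return sender.domain in (TRUSTED_DOMAINS | ORG_DOMAINS) and not sender.dmarc_failed


def matches_rule(sender: Sender) -> bool:
    """Combine the two conditions the rule description gives."""
    return has_long_nonsense_name(sender.display_name) and not is_exempt_sender(sender)


# Constructed sample senders (not real data); the two 35-character names are
# arbitrary strings chosen to look like generated display names.
SAMPLES = {
    "ascii_35": Sender("Qx7kdLmvTz3bnRwPs9yhJc4fGa2eUo8iKt1", "mail.example"),
    "cyrillic_35": Sender("Ярклдфвапроивяцукенгшщзхъфывапролдж", "mail.example"),
    "ascii_34": Sender("Qx7kdLmvTz3bnRwPs9yhJc4fGa2eUo8iKt", "mail.example"),
    "normal_name": Sender("Jane Doe", "mail.example"),
    "trusted_pass": Sender("Qx7kdLmvTz3bnRwPs9yhJc4fGa2eUo8iKt1", "trusted-saas.example"),
    "trusted_dmarc_fail": Sender("Qx7kdLmvTz3bnRwPs9yhJc4fGa2eUo8iKt1", "trusted-saas.example", dmarc_failed=True),
    "org_dmarc_fail": Sender("Qx7kdLmvTz3bnRwPs9yhJc4fGa2eUo8iKt1", "corp.example", dmarc_failed=True),
}


def flagged_samples() -> list[str]:
    """Names of the constructed samples the rule would flag, in SAMPLES order."""
    return [name for name, sender in SAMPLES.items() if matches_rule(sender)]


if __name__ == "__main__":
    for name, sender in SAMPLES.items():
        print(f"{name:20} -> {'FLAG' if matches_rule(sender) else 'pass'}")
```

Running the block shows the 34-character name and the ordinary "Jane Doe" passing, the trusted domain passing only while DMARC holds, and both the trusted and organization domains being flagged once DMARC fails, which is the false-positive trade-off the summary describes.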
Categories
- Endpoint
- Web
- Cloud
- Application
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2025-02-04