
Summary
Detects inbound messages from freemail senders that embed multiple hidden HTML div elements, styled so that their content is never rendered (display:none; opacity:0; width:0; height:0; overflow:hidden; aria-hidden="true"), to evade content filtering. The rule counts occurrences of a specific hidden-div pattern in the HTML body and triggers when at least three are found. It is restricted to freemail providers by requiring sender.email.domain.root_domain in $free_email_providers. Classified under Credential Phishing, it combines HTML/content analysis with sender analysis to identify this evasion technique, which can expose attempts to conceal malicious content or links within legitimate-looking emails.
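The logic described above, sketched in Python as an added example (this is not the rule's own source). It assumes a div counts only when it carries every listed style plus aria-hidden="true"; the provider set, function names and sample message are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed stand-in for the rule's $free_email_providers list.
FREE_EMAIL_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
# Assumption: a "hidden" div must carry every style the summary lists.
REQUIRED_STYLES = {"display": "none", "opacity": "0", "width": "0",
                   "height": "0", "overflow": "hidden"}
THRESHOLD = 3  # from the summary: at least three hidden divs

def parse_style(style):
    """Parse an inline style attribute into a lowercase {property: value} dict."""
    decls = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            decls[name.strip().lower()] = value.strip().lower()
    return decls

class HiddenDivCounter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag != "div":
            return
        a = {k: (v or "") for k, v in attrs}
        style = parse_style(a.get("style", ""))
        # Accept both "0" and "0px" for the zero-size properties.
        hidden = all(style.get(k) in (v, v + "px") for k, v in REQUIRED_STYLES.items())
        if hidden and a.get("aria-hidden", "").strip().lower() == "true":
            self.count += 1

def count_hidden_divs(html):
    parser = HiddenDivCounter()
    parser.feed(html)
    parser.close()
    return parser.count

def is_freemail(sender):
    # Simplification: suffix match instead of a public-suffix root-domain lookup.
    domain = sender.rsplit("@", 1)[-1].lower()
    return any(domain == p or domain.endswith("." + p) for p in FREE_EMAIL_PROVIDERS)

def rule_matches(sender, html_body):
    return is_freemail(sender) and count_hidden_divs(html_body) >= THRESHOLD

# Constructed sample message body with three hidden divs.
HIDDEN = ('<div style="display:none; opacity:0; width:0; height:0; overflow:hidden" '
          'aria-hidden="true">filler text</div>')
SAMPLE_BODY = "<html><body><p>Your invoice is ready.</p>" + HIDDEN * 3 + "</body></html>"
```

Parsing attributes rather than matching one literal string keeps the count stable when the declarations are reordered, re-cased or written with px units.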
Categories
- Web
- Network
Data Sources
- Network Traffic
- File
Created: 2026-06-18