
Reconnaissance: Large unknown recipient list

Sublime Rules

Summary
This rule identifies likely reconnaissance activity in email: messages sent to a large number of unknown recipients with no links or attachments, a pattern consistent with a sender validating which addresses are live. It evaluates the number of recipients, the subject length, the body length, and the nature of any links and attachments. The rule triggers when the message has more than ten recipients outside the organization's known domains, a brief subject (10 characters or fewer), and either no links or attachments at all or only a very limited set that lacks the usual characteristics of legitimate communication. It also checks the sender's trustworthiness using domain reputation and DMARC authentication status. The low severity rating indicates that a match is noteworthy but not by itself a definite threat, and should be investigated further.
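To make the summarised conditions concrete, here is an added Python rendering of the same heuristics run over constructed sample messages. It is not the Sublime rule's own source: the `Message` structure, the `ORG_DOMAINS` set, the `sender_high_trust` flag standing in for domain reputation, and the simplification to "no links and no attachments" are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Thresholds taken from the rule summary above.
MAX_SUBJECT_LEN = 10
MIN_UNKNOWN_RECIPIENTS = 10

# Constructed set of the organisation's known domains (assumption).
ORG_DOMAINS = {"example.com", "corp.example.com"}


@dataclass
class Message:
    sender_domain: str
    recipients: list                      # all To/Cc addresses
    subject: str
    links: list = field(default_factory=list)
    attachments: list = field(default_factory=list)
    dmarc_pass: bool = False
    sender_high_trust: bool = False       # hypothetical stand-in for domain reputation


def unknown_recipient_count(msg: Message) -> int:
    """Count recipients whose domain is not one of the organisation's known domains."""
    return sum(1 for r in msg.recipients
               if r.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS)


def is_recon_candidate(msg: Message) -> bool:
    """True when the message matches the conditions the summary describes."""
    if unknown_recipient_count(msg) <= MIN_UNKNOWN_RECIPIENTS:
        return False                      # needs more than ten unknown recipients
    if len(msg.subject.strip()) > MAX_SUBJECT_LEN:
        return False                      # subject must be brief
    if msg.links or msg.attachments:
        return False                      # simplified: any link or attachment exempts
    if msg.sender_high_trust and msg.dmarc_pass:
        return False                      # reputable, DMARC-authenticated sender
    return True


def build_sample_messages() -> dict:
    """Constructed sample messages covering a match and the main exemptions."""
    unknown = [f"user{i}@ext{i}.test" for i in range(12)]
    internal = [f"u{i}@example.com" for i in range(12)]
    return {
        "recon": Message("probe.test", unknown, "hi"),
        "trusted": Message("vendor.test", unknown, "hi", dmarc_pass=True, sender_high_trust=True),
        "with_link": Message("probe.test", unknown, "hi", links=["https://probe.test/x"]),
        "internal": Message("probe.test", internal, "hi"),
    }


def evaluate_samples() -> dict:
    return {name: is_recon_candidate(m) for name, m in build_sample_messages().items()}
```

Only the `recon` sample should match; the other three each trip exactly one exemption.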
Categories
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Application Log
  • Process
Created: 2023-12-01