
Headers: Outlook Express mailer

Sublime Rules

Summary
This rule detects potentially malicious emails that appear to have been sent from the legacy email client Outlook Express. Outlook Express is outdated and no longer receives support, so its presence in email headers is a red flag for phishing or fraud. The rule runs in the inbound email processing pipeline and checks whether the 'mailer' header contains the string 'Outlook Express'. To reduce false positives, it also examines the sender's address and excludes messages from senders previously identified as non-malicious, so that only unrecognized or untrusted senders trigger the detection. The rule is relevant to business email compromise (BEC), credential phishing, and malware delivery.
Categories
  • Endpoint
  • Cloud
  • Web
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2025-11-07