
Summary
This detection rule identifies email messages that exhibit characteristics of impersonation by system accounts. Specifically, it targets emails that have an empty sender address and a display name that mimics a well-known system account such as 'mailer-daemon' or 'postmaster'. The detection logic further leverages natural language processing to confirm that the body of the email does not contain the legitimate bounce-back information that would normally accompany a message from one of these accounts: the rule requires that topic analysis does not indicate a bounce-back message with high confidence, and that the subject line does not contain phrases common in delivery failure notifications across multiple languages, including English, Portuguese, and Chinese. The rule is aimed at mitigating Business Email Compromise (BEC) and Credential Phishing, since both rely on deceptive tactics in which threat actors exploit trust through impersonation or spoofing.
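The conditions described above, as an added example that is not the rule's own code or query language: a small Python evaluator that parses the From header, checks for an empty sender address paired with a system-account display name, and then suppresses the alert when the subject or body looks like a genuine bounce. The subject phrases and body markers are constructed samples chosen for this example, and the body check is a keyword heuristic standing in for the rule's NLP topic classifier; the sample messages in run_samples() are likewise constructed.

```python
import re

# Display names that legitimate mail systems use; a message claiming one of
# these with an empty sender address is the pattern the rule targets.
SYSTEM_DISPLAY_NAMES = re.compile(r"\b(mailer[\s_-]?daemon|postmaster)\b", re.IGNORECASE)

# Constructed subject phrases typical of delivery-failure notifications
# (English, Portuguese, Chinese). A subject containing one suggests a real bounce.
BOUNCE_SUBJECT_PHRASES = [
    "undeliverable", "delivery status notification", "delivery failure",
    "mail delivery failed", "returned mail",
    "falha na entrega", "não foi possível entregar", "mensagem devolvida",
    "退信", "投递失败", "无法送达",
]

# Constructed stand-in for the rule's NLP topic check: DSN status codes and
# phrasing found in genuine bounce bodies. Any hit means "high-confidence bounce".
BOUNCE_BODY_MARKERS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\b5\.\d\.\d\b",                      # enhanced status code, e.g. 5.1.1
        r"could not be delivered",
        r"delivery to the following recipients? failed",
        r"was not delivered",
        r"final-recipient:",                   # DSN report field
    )
]

# Minimal From-header parser: optional (quoted) display name, then <addr-spec>.
# A header with no angle brackets is treated as a bare address.
FROM_RE = re.compile(r'^\s*(?:"(?P<qname>[^"]*)"|(?P<name>[^<"]*?))\s*<(?P<addr>[^>]*)>\s*$')


def parse_from(header: str) -> tuple[str, str]:
    """Return (display_name, address); address is '' for a header like 'X <>'."""
    m = FROM_RE.match(header)
    if not m:
        return "", header.strip()
    name = m.group("qname") if m.group("qname") is not None else m.group("name")
    return name.strip(), m.group("addr").strip()


def subject_looks_like_bounce(subject: str) -> bool:
    s = subject.lower()
    return any(phrase in s for phrase in BOUNCE_SUBJECT_PHRASES)


def body_looks_like_bounce(body: str) -> bool:
    return any(rx.search(body) for rx in BOUNCE_BODY_MARKERS)


def evaluate(from_header: str, subject: str, body: str) -> tuple[bool, str]:
    """Apply the rule's conditions in order; returns (flagged, reason)."""
    name, addr = parse_from(from_header)
    if addr:
        return False, "sender address present"
    if not SYSTEM_DISPLAY_NAMES.search(name):
        return False, "display name is not a system account"
    if body_looks_like_bounce(body):
        return False, "body contains genuine bounce information"
    if subject_looks_like_bounce(subject):
        return False, "subject matches a delivery-failure phrase"
    return True, "empty sender with system-account display name and no bounce content"


# Constructed sample messages exercising each branch of the rule.
SAMPLES = {
    "phish": ('"MAILER-DAEMON" <>', "Action required: verify your mailbox",
              "Your mailbox will be suspended. Re-validate your password now."),
    "real_bounce_en": ("Mail Delivery Subsystem <mailer-daemon@mx.example.net>",
                       "Delivery Status Notification (Failure)",
                       "5.1.1 The email account that you tried to reach does not exist."),
    "real_bounce_pt": ("postmaster <>", "Mensagem devolvida: falha na entrega",
                       "A mensagem enviada nao pode ser entregue ao destinatario."),
    "real_bounce_zh": ("postmaster <>", "退信：投递失败", "您的邮件未能送达收件人。"),
    "dsn_body": ("Postmaster <>", "Re: invoice",
                 "Final-Recipient: rfc822; bob@example.org\nAction: failed\nStatus: 5.1.1"),
    "other_empty_sender": ("Newsletter <>", "Weekly digest", "Here is this week's digest."),
}


def run_samples() -> dict[str, bool]:
    """Evaluate every constructed sample; only 'phish' should be flagged."""
    return {label: evaluate(*msg)[0] for label, msg in SAMPLES.items()}


if __name__ == "__main__":
    for label, (hdr, subj, body) in SAMPLES.items():
        flagged, reason = evaluate(hdr, subj, body)
        print(f"{label:20s} flagged={flagged!s:5s} {reason}")
```

The order of checks mirrors the rule's structure: the cheap header conditions run first, and the bounce-content checks act as exclusions so that real delivery notifications, which also arrive with an empty return path, do not generate alerts.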
Categories
- Endpoint
- Cloud
- Identity Management
- Web
Data Sources
- User Account
- Application Log
- Network Traffic
Created: 2025-10-02