
Summary
This rule is designed to detect fraudulent messages that impersonate the American Association of Retired Persons (AARP). The detection mechanism works by analyzing the sender's display name and the content of the message for specific references to AARP, such as its address, or for terms commonly associated with scams, like 'gift' or 'free'. The rule fires only when several criteria are all met, including the requirement that the sender is not associated with recognized AARP domains and has not passed authentication checks such as DMARC. Additionally, messages that a machine learning classifier identifies with high confidence as legitimate AARP job postings or newsletters are explicitly excluded from detection to reduce false positives. The overarching goal is to protect recipients from becoming victims of business email compromise (BEC) or credential phishing attempts masquerading as communications from AARP.
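The following Python block is an added example, not the rule's own query or code, that re-implements the summarized logic as plain functions so the combination of criteria can be checked against constructed sample messages. It assumes aarp.org as the recognized sender domain, a constructed placeholder string for the organization's mailing address, a hypothetical classifier label set ("job_posting", "newsletter") with a 0.9 confidence threshold, and that an AARP reference and a scam term must both be present for a hit; none of those specifics come from the summary.

```python
"""Illustrative re-implementation of the AARP impersonation heuristic.

Added example: this is not the detection rule's actual code. All
thresholds, domains and labels below are assumptions, not values taken
from the rule summary.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Assumption: the organization's legitimate sender domain(s).
RECOGNIZED_DOMAINS = {"aarp.org"}
# Terms the summary names as commonly associated with scams.
SCAM_TERMS = ("gift", "free")
# Constructed placeholder; a real rule would carry the organization's
# actual mailing-address fragment here.
ORG_ADDRESS_FRAGMENT = "example org street address"
# Assumption: classifier labels and confidence threshold used for the
# "legitimate job posting / newsletter" exclusion.
BENIGN_CLASSIFIER_LABELS = {"job_posting", "newsletter"}
HIGH_CONFIDENCE = 0.9


@dataclass
class Message:
    display_name: str
    sender_domain: str
    body: str
    dmarc_pass: bool
    classifier_label: Optional[str] = None
    classifier_confidence: float = 0.0


def references_org(msg: Message) -> bool:
    """True if the display name or body mentions AARP or its address."""
    text = f"{msg.display_name}\n{msg.body}".lower()
    return "aarp" in text or ORG_ADDRESS_FRAGMENT in text


def has_scam_terms(msg: Message) -> bool:
    """True if the body contains any scam-associated term as a whole word."""
    body = msg.body.lower()
    return any(re.search(rf"\b{re.escape(t)}\b", body) for t in SCAM_TERMS)


def is_benign_classified(msg: Message) -> bool:
    """High-confidence job-posting / newsletter verdicts are excluded."""
    return (
        msg.classifier_label in BENIGN_CLASSIFIER_LABELS
        and msg.classifier_confidence >= HIGH_CONFIDENCE
    )


def is_impersonation(msg: Message) -> bool:
    """Apply the criteria in the order the summary lists them.

    Every negative condition (recognized domain, DMARC pass, benign
    classification) short-circuits to False; only then do the content
    checks decide.
    """
    if msg.sender_domain.lower() in RECOGNIZED_DOMAINS:
        return False
    if msg.dmarc_pass:
        return False
    if is_benign_classified(msg):
        return False
    return references_org(msg) and has_scam_terms(msg)


# Constructed sample messages covering the hit and each exclusion path.
SAMPLES = {
    "phish": Message(
        display_name="AARP Rewards",
        sender_domain="mail-rewards.example",
        body="Claim your free gift card today.",
        dmarc_pass=False,
    ),
    "legit": Message(
        display_name="AARP",
        sender_domain="aarp.org",
        body="Your free member guide is attached.",
        dmarc_pass=True,
    ),
    "job_posting": Message(
        display_name="Careers",
        sender_domain="jobs.example",
        body="AARP is hiring. Free lunch on orientation day.",
        dmarc_pass=False,
        classifier_label="job_posting",
        classifier_confidence=0.95,
    ),
    "unrelated": Message(
        display_name="Bob",
        sender_domain="friend.example",
        body="Free tickets this weekend?",
        dmarc_pass=False,
    ),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run the heuristic over every constructed sample."""
    return {name: is_impersonation(m) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:12s} -> {'FLAG' if hit else 'pass'}")
```

The ordering matters: the domain, DMARC and classifier exclusions are evaluated before any content matching, so a message from the recognized domain is never inspected for scam terms, and a high-confidence newsletter verdict suppresses a hit even when the body contains "free".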
Categories
- Identity Management
- Endpoint
- Cloud
Data Sources
- User Account
- Network Traffic
- Application Log
Created: 2025-12-02