
Summary
This detection rule identifies potential spam emails sent from free email providers that contain links to domains created within the last 10 days and include emojis in the subject or body. The rule first checks the sender's domain against a list of known free email providers. It then performs a network WHOIS lookup on each linked domain to confirm the domain is less than 10 days old. Emojis are detected with regular expressions that scan both the subject and the body for emoji character ranges. Finally, the sender's profile is analyzed for prevalence and prior malicious behavior to determine whether the sender is new or an outlier, or is already known for sending spam without false positives. By combining content analysis, sender data, URL verification, and WHOIS information, the rule aims to improve spam detection and reduce the volume of unwanted email.
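The following is an added example, not the rule's own code, that evaluates the four conditions described above against a constructed message so the logic can be run offline. The free-provider list, the WHOIS creation dates, the sender-profile counters and the sample messages are all constructed here; a real rule would query a live WHOIS service and a sender-reputation store, and would use a public-suffix list rather than the two-label domain simplification used below.

```python
import re
from dataclasses import dataclass
from datetime import date

# --- Constructed reference data (assumptions, not the rule's real data feeds) ---
FREE_EMAIL_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com", "proton.me"}

# Stand-in for a network WHOIS lookup: registrable domain -> creation date.
CONSTRUCTED_WHOIS = {
    "promo-deals-xyz.example": date(2023, 8, 20),  # 5 days old on 2023-08-25
    "example.org": date(1995, 8, 31),
}

# Stand-in for a sender-profile store: address -> prevalence and malice counters.
CONSTRUCTED_SENDER_PROFILES = {
    "deals2023@gmail.com": {"messages": 1, "malicious": 0, "false_positives": 0},
    "newsletter@gmail.com": {"messages": 240, "malicious": 0, "false_positives": 2},
}

TODAY = date(2023, 8, 25)  # fixed so the example is deterministic

# Emoji character ranges (code-point ranges, as the rule describes).
EMOJI_RE = re.compile(
    "[\U0001F300-\U0001FAFF"  # pictographs, emoticons, transport, supplemental symbols
    "\U0001F1E6-\U0001F1FF"   # regional indicators (flag pairs)
    "\u2600-\u27BF"           # miscellaneous symbols and dingbats
    "\u2B00-\u2BFF]"          # arrows and geometric shapes (e.g. the star U+2B50)
)
URL_HOST_RE = re.compile(r"https?://([^\s/:?#]+)", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    subject: str
    body: str


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def registrable_domain(host: str) -> str:
    # Simplification: keep the last two labels. Real rules use a public-suffix list.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def has_emoji(text: str) -> bool:
    return EMOJI_RE.search(text) is not None


def domain_age_days(domain: str, today: date):
    created = CONSTRUCTED_WHOIS.get(domain)  # None models an unknown or failed lookup
    return (today - created).days if created else None


def young_linked_domains(body: str, today: date, max_age_days: int = 10) -> list:
    # Unique registrable domains, in first-seen order, younger than the threshold.
    young = []
    for host in URL_HOST_RE.findall(body):
        dom = registrable_domain(host)
        age = domain_age_days(dom, today)
        if age is not None and age < max_age_days and dom not in young:
            young.append(dom)
    return young


def sender_is_suspicious(address: str, min_prevalence: int = 5) -> bool:
    profile = CONSTRUCTED_SENDER_PROFILES.get(address)
    if profile is None or profile["messages"] < min_prevalence:
        return True  # new or low-prevalence (outlier) sender
    # Known for spam with no recorded false positives.
    return profile["malicious"] > 0 and profile["false_positives"] == 0


def evaluate(msg: Message, today: date = TODAY) -> dict:
    free_provider = sender_domain(msg.sender) in FREE_EMAIL_PROVIDERS
    young = young_linked_domains(msg.body, today)
    emoji = has_emoji(msg.subject) or has_emoji(msg.body)
    suspicious_sender = sender_is_suspicious(msg.sender)
    reasons = []
    if free_provider:
        reasons.append("free_email_provider")
    if young:
        reasons.append("young_domains:" + ",".join(young))
    if emoji:
        reasons.append("emoji_present")
    if suspicious_sender:
        reasons.append("sender_new_or_known_spammer")
    return {"match": free_provider and bool(young) and emoji and suspicious_sender,
            "reasons": reasons}


# Constructed sample messages.
SPAM = Message("deals2023@gmail.com", "\U0001F525 Limited offer",
               "Claim now: http://promo-deals-xyz.example/claim")
BENIGN = Message("newsletter@gmail.com", "\u2B50 Weekly digest",
                 "Read more at https://example.org/news")

if __name__ == "__main__":
    print(evaluate(SPAM))
    print(evaluate(BENIGN))
```

The benign message deliberately trips two of the four conditions (free provider and an emoji in the subject) to show why the rule requires all of them together: the linked domain is decades old and the sender has an established, low-malice history, so no match is raised. A failed WHOIS lookup is treated as "unknown age" and does not count as young, which keeps lookup outages from generating matches.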
Categories
- Endpoint
- Web
- Cloud
- Application
Data Sources
- User Account
- Network Traffic
- Process
Created: 2023-08-25