Disposable sender email (unsolicited)

Sublime Rules

Summary
This detection rule identifies emails sent from disposable email providers where the sender's address does not match any known recipient address within the organization. The objective is to reduce the attack surface by flagging unsolicited messages from disposable email services, which are often used for malicious purposes such as spam, phishing, and other social engineering attacks. The rule checks the sender's email domain against a predefined list of disposable email providers and confirms that no email has previously been exchanged between the sender and any recipient in the organization. Matches are assigned low severity: these senders may not pose an immediate threat, but they could indicate unwanted solicitation or spam attempts.
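The two conditions described above, sketched in Python over constructed messages. This is an added example, not the rule's own source. The provider list, addresses and function names are assumptions, as is the choice to treat subdomains of a listed provider as disposable.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed placeholder list; a real deployment would load a maintained provider list.
DISPOSABLE_PROVIDERS = {"tempmail.example", "throwaway.example"}

def known_recipients(outbound_messages):
    """Collect every address the organization has previously sent mail to."""
    known = set()
    for raw in outbound_messages:
        msg = message_from_string(raw)
        fields = msg.get_all("To", []) + msg.get_all("Cc", [])
        known.update(addr.lower() for _, addr in getaddresses(fields) if addr)
    return known

def is_disposable(domain, providers=DISPOSABLE_PROVIDERS):
    """Match the domain or a parent domain (assumption: subdomains count too)."""
    labels = domain.lower().split(".")
    return any(".".join(labels[i:]) in providers for i in range(len(labels) - 1))

def flag_unsolicited_disposable(raw, known):
    """True when the From address is on a disposable domain and was never written to."""
    # Only the address part is used; a display name that looks like an address is ignored.
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    addr = addr.strip().lower()
    domain = addr.rpartition("@")[2]
    return bool(addr) and is_disposable(domain) and addr not in known

# Constructed sample mail, not taken from any real mailbox.
OUTBOUND = ["From: alice@corp.example\nTo: Vendor <bob@tempmail.example>\nSubject: quote\n\nhi\n"]
INBOUND = {
    "prior_contact": "From: Bob <Bob@TempMail.example>\nTo: alice@corp.example\n\nre: quote\n",
    "unsolicited": "From: eve@mail.throwaway.example\nTo: alice@corp.example\n\nclick here\n",
    "display_name_only": 'From: "support@tempmail.example" <carol@partner.example>\n'
                         "To: alice@corp.example\n\nhello\n",
}

if __name__ == "__main__":
    known = known_recipients(OUTBOUND)
    for name, raw in INBOUND.items():
        print(name, flag_unsolicited_disposable(raw, known))
```

Only the second message is flagged: the first comes from an address the organization has already written to, and the third only carries a disposable-looking address in its display name.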
Categories
  • Identity Management
  • Endpoint
  • Network
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2022-05-04