Brand impersonation: Outlook

Sublime Rules

Summary
This rule detects brand impersonation targeting Outlook.com users: fraudulent emails that mimic the legitimate Outlook brand. It matches senders whose email domain contains 'outlook.com' and flags them when that domain is not on a predefined list of legitimate Outlook root domains across various countries. The rule focuses on likely phishing attempts that use social engineering to exploit trust in the Outlook brand. Its high severity reflects a significant risk to users, which could lead to credential theft.
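The check described in the summary, sketched in Python as an added example (not the rule's own source). The allowlist is an assumed, illustrative subset, the sample senders are constructed, and suffix matching against the allowlist stands in for root-domain extraction.

```python
from email.utils import parseaddr

# Assumed, illustrative subset; the rule's actual allowlist is not shown on this page.
LEGIT_ROOTS = {"outlook.com", "outlook.com.au", "outlook.com.br"}
BRAND = "outlook.com"


def sender_domain(from_header):
    """Return the lower-cased domain of the From address, or '' if none is found."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def is_under_legit_root(domain):
    """True when the domain is an allowlisted root or a subdomain of one."""
    return any(domain == root or domain.endswith("." + root) for root in LEGIT_ROOTS)


def classify(from_header):
    """Classify a From header the way the summary describes the rule."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparsable"
    if BRAND not in domain:
        return "out_of_scope"  # the rule only looks at domains containing the brand
    return "legitimate" if is_under_legit_root(domain) else "impersonation"


# Constructed sample senders (reserved .example names, not real traffic).
SAMPLES = [
    '"Outlook Team" <noreply@outlook.com.mail-check.example>',
    "help@secure-outlook.com.example",
    "alice@Outlook.com",
    "Bob <bob@mail.outlook.com.au>",
    "carol@example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):14} {sample}")
```

The substring test alone would also match legitimate country domains such as outlook.com.au, which is why the allowlist comparison is the deciding step.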
Categories
  • Endpoint
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
Created: 2021-02-19