Roju,
First off, I'd ask what you are trying to do with the rule. Is it simply to detect an email going to 1 vs 40 people? If so, what is the significance at that point if you don't know if the users are legitimate or not? Maybe sounds like you are trying to create an extra mechanism to detect mass emails, broadcasts, or potentially spam.
If you are simply looking for more than 1 recipient, the other option is to build a rule around this simply. If you create rule under the Groups tab in the policy, you can select 'Recipient Matches Pattern'. Under this section you can simply use: *@* - in the email address field. Further down under the condition you can check that at least 2 recipients must match. With this logic, you should be able to flag any email that contains more than 1 recipients. You can also change the number to a larger numebr if you are only looking for say 10 or more recipients, etc.