type.inbound
and 0 < length(body.links) < 10
and sender.email.domain.root_domain == "myactivecampaign.com"
and any(ml.nlu_classifier(body.current_thread.text).intents,
.name == "cred_theft" and .confidence == "high"
)
and not all(body.links, .href_url.domain.root_domain == "activehosted.com")
Playground
Test against your own EMLs or sample data.