type.inbound
and 0 < length(body.links) < 15
and length(recipients.to) == 1
and recipients.to[0].email.domain.valid
and any(body.links,
// single path
strings.count(ml.link_analysis(., mode="aggressive").effective_url.path,
'/'
) == 2
// tycoon url struct
and regex.icontains(ml.link_analysis(., mode="aggressive").effective_url.path,
'\/.*[!@].*\/[$*](?:[a-zA-Z0-9.\-_]+(?:@|%40)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,3}|(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})|$)'
)
)
Playground
Test against your own EMLs or sample data.