Fake shipping notification with link to free file hosting

Sublime Rules

Summary
This rule detects phishing emails that spoof reputable shipping companies such as FedEx, UPS, or USPS. Such an email has no attachments, a subject or body containing links purportedly for tracking a shipment, and a sender email domain that does not belong to the impersonated company. Detection combines several checks: content analysis for "FedEx" or similar shipping keywords, evaluation of the sender's email domain to confirm it is not the actual company's, and scrutiny of links to see whether they point to recognized free file hosting services. It also checks whether the sender uses a free email provider and whether the sender fails to match known sender emails or a verified domain. To minimize false positives, the rule applies multiple checks, including verifying that the sender's email domain is valid. By blocking such attempts, the rule protects users against social engineering and brand impersonation attacks.
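As an added illustration (not the Sublime rule itself, which is written in Sublime's own query language), the following Python reproduces the checks the summary lists: no attachments, a shipping brand mentioned in the subject or body, a link present, a valid sender domain that is not the carrier's, a sender on a free email provider or outside a verified allowlist, and a link pointing at a free file host. The carrier, free-provider, file-host and verified-sender lists and the three sample messages are constructed for this example, not taken from the rule.

```python
import re
from dataclasses import dataclass, field
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed reference lists (assumptions for this example, not the rule's own data).
LEGIT_SHIPPING_DOMAINS = {"fedex.com", "ups.com", "usps.com"}
FREE_EMAIL_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
FREE_FILE_HOSTS = {"drive.google.com", "dropbox.com", "wetransfer.com", "mediafire.com"}
VERIFIED_SENDER_DOMAINS = LEGIT_SHIPPING_DOMAINS | {"partner.example"}  # hypothetical allowlist

# Word boundaries so "ups" does not match inside words like "setups".
BRAND_RE = re.compile(r"\b(fedex|ups|usps)\b", re.IGNORECASE)
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$")


@dataclass
class Message:
    sender: str                      # raw From header value
    subject: str
    body: str                        # plain-text body
    attachments: list = field(default_factory=list)


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain part of the From address."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_valid_domain(domain: str) -> bool:
    return bool(DOMAIN_RE.match(domain))


def mentions_shipping_brand(text: str) -> bool:
    return BRAND_RE.search(text) is not None


def extract_links(text: str) -> list:
    return URL_RE.findall(text)


def points_to_free_file_host(url: str) -> bool:
    """True if the URL host is a known free file host or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in FREE_FILE_HOSTS)


def evaluate(msg: Message) -> dict:
    """Run each check from the rule summary and return its result by name."""
    text = f"{msg.subject}\n{msg.body}"
    links = extract_links(text)
    domain = sender_domain(msg.sender)
    return {
        "no_attachments": not msg.attachments,
        "mentions_shipping_brand": mentions_shipping_brand(text),
        "has_links": bool(links),
        "sender_domain_valid": is_valid_domain(domain),
        "sender_not_legit_carrier": domain not in LEGIT_SHIPPING_DOMAINS,
        "sender_free_provider_or_unverified": (
            domain in FREE_EMAIL_PROVIDERS or domain not in VERIFIED_SENDER_DOMAINS
        ),
        "link_to_free_file_host": any(points_to_free_file_host(u) for u in links),
    }


def is_fake_shipping_notification(msg: Message) -> bool:
    """All checks must hold; requiring every condition keeps false positives low."""
    return all(evaluate(msg).values())


# Constructed sample messages: one spoof, one genuine carrier mail, one unrelated mail.
SAMPLE_MESSAGES = [
    Message(
        sender="FedEx Delivery <fedex.notify@gmail.com>",
        subject="Your FedEx package is waiting",
        body="Track your shipment here: https://www.dropbox.com/s/abc123/tracking.pdf",
    ),
    Message(
        sender="FedEx <tracking@fedex.com>",
        subject="Your FedEx shipment 1234 is on its way",
        body="Track it at https://www.fedex.com/fedextrack/?trknbr=1234",
    ),
    Message(
        sender="Alice <alice@gmail.com>",
        subject="Lunch tomorrow?",
        body="Still catching up on our setups, see https://example.com/notes",
    ),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m.subject, "->", "FLAG" if is_fake_shipping_notification(m) else "pass", evaluate(m))
```

Only the first sample trips every check; the genuine carrier mail fails on the sender domain, and the personal mail neither names a carrier (the word boundary keeps "setups" from matching "ups") nor links to a file host.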
Categories
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2023-02-20