Sendgrid voicemail phish

Sublime Rules

Summary
This rule detects phishing attempts that use fraudulent voicemail notifications sent via Sendgrid. It examines inbound messages whose return path indicates the domain 'sendgrid.net' and checks the subject line for voicemail-related keywords such as 'voicemail' and 'voice message'. It also runs natural language understanding (NLU) analysis to classify the intent of the email body; if the classifier identifies the intent as anything other than 'benign' or 'unknown', the rule triggers an alert. Combining header and content analysis in this way mitigates credential phishing risk from abuse of trusted notification services.
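The three conditions in the summary, sketched in Python over constructed messages. This is an added example, not the rule's own source: the function names, the sample messages, the 'cred_theft' intent label and the choice to accept subdomains of sendgrid.net are assumptions, and the NLU classifier is treated as an external input.

```python
from email import message_from_string, policy
from email.utils import parseaddr

VOICEMAIL_TERMS = ("voicemail", "voice message")   # keywords named in the summary
PASSING_INTENTS = {"benign", "unknown"}            # intents that do not alert

def return_path_domain(msg):
    """Lower-cased domain of the Return-Path address, '' if missing."""
    _, addr = parseaddr(str(msg.get("Return-Path", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def is_sendgrid(domain):
    # Assumption: subdomains count; look-alikes such as notsendgrid.net do not.
    return domain == "sendgrid.net" or domain.endswith(".sendgrid.net")

def subject_mentions_voicemail(msg):
    # policy.default decodes RFC 2047 encoded-words before the keyword match.
    subject = str(msg.get("Subject", "")).lower()
    return any(term in subject for term in VOICEMAIL_TERMS)

def rule_matches(raw_message, intent):
    """intent: label produced by an external NLU classifier (not modelled here)."""
    msg = message_from_string(raw_message, policy=policy.default)
    return (is_sendgrid(return_path_domain(msg))
            and subject_mentions_voicemail(msg)
            and intent not in PASSING_INTENTS)

def build(return_path, subject):
    """Assemble a minimal constructed message with the two headers of interest."""
    return f"Return-Path: <{return_path}>\nSubject: {subject}\n\nbody\n"

# Constructed samples: (raw message, classifier intent, expected verdict)
SAMPLES = [
    (build("bounces+4821@sendgrid.net", "New Voicemail from +1 555 0100"), "cred_theft", True),
    (build("bounces+4821@em.sendgrid.net", "=?utf-8?Q?Voice_Message_received?="), "cred_theft", True),
    (build("bounces@notsendgrid.net", "New voicemail"), "cred_theft", False),
    (build("bounces+4821@sendgrid.net", "New voicemail"), "benign", False),
    (build("bounces+4821@sendgrid.net", "Your invoice"), "cred_theft", False),
]

if __name__ == "__main__":
    for raw, intent, expected in SAMPLES:
        print(rule_matches(raw, intent), expected)
```

The second sample shows why the subject must be decoded before matching, and the last shows that a plain substring test on 'voice' alone would over-match.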
Categories
  • Cloud
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2021-02-19