
Brand impersonation: Purdue ePlanroom with suspicious links

Sublime Rules

Summary
This detection rule identifies emails that impersonate the Purdue ePlanroom service and carry potentially harmful links. It first checks for the phrase "Purdue ePlanroom" in the email body, then examines every link in the message. The email is flagged for review if any link whose display text is "Review This Project" points to a domain other than the legitimate reprographix.com, or if any link is flagged as phishing by machine learning (ML) analysis. The email is also considered suspicious when the sender claims the reprographix.com domain but fails DMARC validation. The rule targets credential phishing and business email compromise (BEC) schemes, combining content, sender, and URL analysis for detection.
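The logic the summary describes, replayed over constructed sample messages as an added Python example; this is not the Sublime rule itself (which is written in MQL), and the `Message`/`Link` types, the `ml_phishing` verdict field, the DMARC result field and the sample messages are assumptions:

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

LEGIT_DOMAIN = "reprographix.com"  # the only domain the rule treats as legitimate

@dataclass
class Link:
    href: str
    display_text: str
    ml_phishing: bool = False  # stand-in for the ML link verdict (assumed field)

@dataclass
class Message:
    sender_domain: str          # domain of the From: address (assumed field)
    dmarc_pass: bool            # DMARC authentication result (assumed field)
    body_text: str
    links: list = field(default_factory=list)

def link_host(href: str) -> str:
    """Hostname of a link, tolerating hrefs written without a scheme."""
    parsed = urlparse(href if "://" in href else "http://" + href)
    return (parsed.hostname or "").lower()

def is_legit_host(host: str) -> bool:
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def evaluate(msg: Message) -> list:
    """Return the reasons the message matches the rule; [] means no match."""
    if "purdue eplanroom" not in msg.body_text.lower():
        return []  # the brand phrase is a precondition for every other check
    reasons = []
    for link in msg.links:
        host = link_host(link.href)
        if link.display_text.strip().lower() == "review this project" and not is_legit_host(host):
            reasons.append(f"'Review This Project' link resolves to {host or '<no host>'}")
        if link.ml_phishing:
            reasons.append(f"ML phishing verdict on {link.href}")
    if msg.sender_domain.lower() == LEGIT_DOMAIN and not msg.dmarc_pass:
        reasons.append("sender claims reprographix.com but fails DMARC")
    return reasons

# Constructed sample messages (not real traffic).
LURE = Message("example.net", True, "Purdue ePlanroom: a new project is ready.",
               [Link("https://portal.example.net/review", "Review This Project")])
SPOOFED = Message("reprographix.com", False, "Purdue ePlanroom notification",
                  [Link("https://reprographix.com/p/1", "Review This Project")])
BENIGN = Message("reprographix.com", True, "Purdue ePlanroom notification",
                 [Link("https://www.reprographix.com/p/1", "Review This Project")])
UNRELATED = Message("example.org", False, "Meeting notes",
                    [Link("https://example.org/x", "Review This Project", True)])
```

`UNRELATED` shows the precondition at work: the ML-flagged link alone does not fire the rule because the body never mentions Purdue ePlanroom.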
Categories
  • Web
  • Endpoint
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2025-12-03