The key is that you create the same UNIQUE deduplication key in each rule. Ideally, we’ve got something else like an alert ID, hostname, etc. that we can use to make it unique (hostFoo:Alert123) in the triggering email rule and make it the same in the resolving email rule.
Your first rule should identify the conditions (ALL) needed to match the triggering condition, create the dedup key, have an action to always trigger the incident and route to your service.
Your second rule should identify the conditions (ALL) needed to match the resolving condition, create the same dedup key, have an action to always resolve the incident and route to your service.
Make sure you don’t have “suppress” selected in a rule! Sometimes you need to also ensure the “resolve” rule is higher up than the “trigger” rule as rules are processed top to bottom, first matching rule is processed only.