
Summary
This detection rule flags messages that abuse an open redirect on McGill University's alumni site rather than mail that genuinely comes from the university. It fires when a link in the message body points to 'myalumni.mcgill.ca' with the path '/redirect.aspx' and a query string matching '*tokenUrl=*' (the parameter that carries the redirect destination), while the sender's domain is not 'mcgill.ca'. Legitimate use of this redirector is expected only in mail sent by the university, so a redirect link arriving from any other sender is a sign that an attacker is borrowing the trusted 'mcgill.ca' domain to route recipients to a credential-phishing page or a malware/ransomware download. Severity is set to low because the redirector itself is benign and the attack still depends on the recipient following the link and acting on the final destination; the rule is primarily a prompt to verify unexpected messages that claim to come from a trusted organization before any link in them is followed.
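The following is an added, runnable illustration of the rule's logic written for this page; it is not the rule's own query language or code from the detection vendor. It extracts URLs from a plain-text body, checks host, path and the tokenUrl parameter of each, and suppresses the alert when the sender domain is 'mcgill.ca'. The message samples, the sender domains ('mcgill-alumni-portal.example', 'somevendor.example'), the 'from'/'body' dictionary shape and the decision to treat subdomains of 'mcgill.ca' as trusted are all assumptions made for the example.

```python
"""Toy implementation of the redirect-abuse check described above.

Constructed example; the message samples and sender domains below are
made up and are not taken from any real mail flow.
"""
import re
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

REDIRECT_HOST = "myalumni.mcgill.ca"
REDIRECT_PATH = "/redirect.aspx"
TRUSTED_SENDER_DOMAIN = "mcgill.ca"

# Crude URL extractor for plain-text bodies: take http(s) runs up to
# whitespace or an HTML delimiter, then drop trailing sentence punctuation.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(body):
    return [m.rstrip(".,;:)>") for m in URL_RE.findall(body)]


def sender_domain(from_header):
    """Domain of the address in From:, ignoring any display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def is_trusted_sender(domain):
    # Assumption for this example: subdomains of mcgill.ca are the university too.
    return domain == TRUSTED_SENDER_DOMAIN or domain.endswith("." + TRUSTED_SENDER_DOMAIN)


def redirect_target(url):
    """Return the tokenUrl value if `url` is the McGill redirector, else None."""
    p = urlparse(url)
    if (p.hostname or "").lower() != REDIRECT_HOST:
        return None
    # IIS/ASP.NET paths are case-insensitive, so normalise before comparing.
    if p.path.lower() != REDIRECT_PATH:
        return None
    params = parse_qs(p.query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() == "tokenurl":  # the '*tokenUrl=*' condition, any case
            return values[0]
    return None


def evaluate(message):
    """Return (url, target) pairs that fire the rule for one message.

    `message` is a dict with 'from' and 'body' keys (a shape chosen for this
    example, not the detection platform's real message model).
    """
    if is_trusted_sender(sender_domain(message["from"])):
        return []  # the university using its own redirector: no alert
    hits = []
    for url in extract_urls(message["body"]):
        target = redirect_target(url)
        if target is not None:
            hits.append((url, target))
    return hits


# Constructed samples: one lookalike-sender lure, one legitimate notice,
# one unrelated message that links to the same host without the redirector.
PHISH = {
    "from": "McGill Alumni <alumni@mcgill-alumni-portal.example>",
    "body": "Your alumni account will be locked. Confirm here: "
            "https://myalumni.mcgill.ca/redirect.aspx?tokenUrl=https://login-verify.example/reset",
}
LEGIT = {
    "from": "McGill Alumni Relations <alumni@mcgill.ca>",
    "body": "Register for homecoming: "
            "https://myalumni.mcgill.ca/redirect.aspx?tokenUrl=https://www.mcgill.ca/alumni/homecoming",
}
UNRELATED = {
    "from": "newsletter@somevendor.example",
    "body": "See https://myalumni.mcgill.ca/events for the schedule.",
}

if __name__ == "__main__":
    for name, msg in [("PHISH", PHISH), ("LEGIT", LEGIT), ("UNRELATED", UNRELATED)]:
        print(name, evaluate(msg))
```

Returning the decoded tokenUrl value alongside the matching link is deliberate: the redirector host will always be the trusted one, so the analyst's real question is where the redirect lands, and that destination is the value worth enriching (domain age, reputation, prior sightings) when triaging a low-severity hit.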
Categories
- Web
- Cloud
- Application
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2023-06-06