
Open Redirect: astroarts.co.jp

Sublime Rules

Summary
This rule detects potential open redirect abuse related to the domain 'astroarts.co.jp', which is known to have been exploited in various online attacks. It analyzes incoming messages for links that point to this domain, whose path starts with '/oauth/', and whose query string contains 'redirect_uri='. To avoid false positives on legitimate use, the rule further requires that the 'redirect_uri' value does not point back to the 'astroarts.co.jp' domain itself. It also ignores links from trusted sender domains unless the message fails DMARC authentication, so legitimate mail is not flagged. The detection is relevant to the Credential Phishing and Malware/Ransomware attack types.
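The following is an added Python illustration of the rule's logic, not the Sublime rule itself: it applies the domain, path, 'redirect_uri' and trusted-sender/DMARC conditions described above to a few constructed sample messages. The sender domains, redirect targets and message fields are hypothetical.

```python
from urllib.parse import parse_qs, urlparse
TARGET_DOMAIN = "astroarts.co.jp"

def host_matches(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_open_redirect_link(url):
    """One link matches if it is on astroarts.co.jp, under /oauth/, and its
    redirect_uri points outside the astroarts.co.jp domain."""
    parsed = urlparse(url)
    if not host_matches(parsed.hostname, TARGET_DOMAIN):
        return False
    if not parsed.path.startswith("/oauth/") or "redirect_uri=" not in parsed.query:
        return False
    # parse_qs percent-decodes, so an encoded https%3A%2F%2F... target is
    # compared on its real hostname; blank values are dropped.
    for target in parse_qs(parsed.query).get("redirect_uri", []):
        target_host = urlparse(target).hostname
        # Relative paths and same-domain targets are the legitimate OAuth case.
        if target_host and not host_matches(target_host, TARGET_DOMAIN):
            return True
    return False

def message_matches(msg, trusted_domains):
    """Trusted sender domains are skipped unless the message failed DMARC."""
    if msg["sender_domain"].lower() in trusted_domains and msg["dmarc_pass"]:
        return False
    return any(is_open_redirect_link(u) for u in msg["links"])

# Constructed sample messages; sender and redirect domains are hypothetical.
SAMPLE_MESSAGES = [
    {"sender_domain": "newsletter.example", "dmarc_pass": True, "links": [
        "https://www.astroarts.co.jp/oauth/authorize?client_id=x"
        "&redirect_uri=https%3A%2F%2Fevil.example%2Flogin"]},
    {"sender_domain": "newsletter.example", "dmarc_pass": True, "links": [
        "https://astroarts.co.jp/oauth/authorize?redirect_uri=%2Faccount"]},
    {"sender_domain": "partner.example", "dmarc_pass": True, "links": [
        "https://astroarts.co.jp/oauth/authorize?redirect_uri=//evil.example/"]},
    {"sender_domain": "partner.example", "dmarc_pass": False, "links": [
        "https://astroarts.co.jp/oauth/authorize?redirect_uri=//evil.example/"]},
    {"sender_domain": "newsletter.example", "dmarc_pass": True, "links": [
        "https://astroarts.co.jp/news/?redirect_uri=https://evil.example/"]},
]
TRUSTED_SENDER_DOMAINS = {"partner.example"}

def flagged_indices(messages=SAMPLE_MESSAGES, trusted=TRUSTED_SENDER_DOMAINS):
    """Indices of the messages the rule would flag."""
    return [i for i, m in enumerate(messages) if message_matches(m, trusted)]
```

Only the first message (external redirect, untrusted sender) and the fourth (trusted sender that failed DMARC) are flagged; the relative redirect, the DMARC-passing trusted sender and the non-/oauth/ path are all excluded.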
Categories
  • Web
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Web Credential
Created: 2025-02-06