
Open Redirect: api.spently.com

Sublime Rules

Summary
The Open Redirect rule for api.spently.com detects messages that abuse the api.spently.com domain as a redirector for credential phishing or malware delivery. It fires on messages whose body contains fewer than ten unique links to api.spently.com, where at least one of those links has the shape of the click redirector: a path under '/api/spently/click' with both a 'url=' and a 'type=' query parameter, the 'url=' value being the destination the recipient is ultimately sent to. To reduce false positives, messages from highly trusted sender domains are excluded unless the message fails DMARC authentication, so legitimate mail is filtered out while a spoofed trusted sender is still caught. The detection combines sender analysis with URL analysis.
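The detection logic described above, implemented in Python as an added worked example (this is not the rule's own MQL and not Sublime's code). The high-trust sender list, the `Message` container and the sample messages are constructed stand-ins for illustration; the real rule consults a much larger maintained list and Sublime's own message model.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Domain, redirector path and link-count threshold as described in the rule summary.
TARGET_DOMAIN = "api.spently.com"
REDIRECT_PATH = "/api/spently/click"
MAX_UNIQUE_LINKS = 10

# Assumption: a tiny stand-in for the high-trust sender domain list the real rule
# consults; the real list is much larger and maintained separately.
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"spently.com"}


@dataclass
class Message:
    """Constructed container for the message facts the rule needs (hypothetical)."""
    sender_root_domain: str   # registered domain of the From: address
    dmarc_pass: bool          # result of DMARC authentication
    links: list               # every URL extracted from the message body


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_spently_redirect(url: str) -> bool:
    """True when the URL has the shape of the api.spently.com click redirector."""
    parts = urlparse(url)
    if _host(url) != TARGET_DOMAIN:
        return False
    if not parts.path.lower().startswith(REDIRECT_PATH):
        return False
    # keep_blank_values so a bare 'url=' still counts as the parameter being present
    query = parse_qs(parts.query, keep_blank_values=True)
    return "url" in query and "type" in query


def redirect_target(url: str):
    """Destination carried in the url= parameter, or None if not a redirector."""
    if not is_spently_redirect(url):
        return None
    return parse_qs(urlparse(url).query, keep_blank_values=True)["url"][0]


def matches_rule(msg: Message) -> bool:
    """Apply the summary's detection logic to one message."""
    spently_links = {u for u in msg.links if _host(u) == TARGET_DOMAIN}
    # Fewer than ten unique links to the domain, at least one of them a redirector.
    if not spently_links or len(spently_links) >= MAX_UNIQUE_LINKS:
        return False
    if not any(is_spently_redirect(u) for u in spently_links):
        return False
    # Negate high-trust senders unless DMARC failed (a spoofed trusted sender).
    if msg.sender_root_domain.lower() in HIGH_TRUST_SENDER_ROOT_DOMAINS and msg.dmarc_pass:
        return False
    return True


# Constructed sample links and messages (not real traffic).
REDIRECTOR = ("https://api.spently.com/api/spently/click"
              "?type=click&url=https%3A%2F%2Flogin.example.test%2Fverify")

PHISH = Message("attacker.example", True, [REDIRECTOR, "https://www.example.test/help"])
TRUSTED = Message("spently.com", True, [REDIRECTOR])
SPOOFED_TRUSTED = Message("spently.com", False, [REDIRECTOR])
BULK = Message("attacker.example", True, [
    f"https://api.spently.com/api/spently/click?type=t&url=https://x.example/{i}"
    for i in range(12)
])

if __name__ == "__main__":
    for name, msg in [("phish", PHISH), ("trusted", TRUSTED),
                      ("spoofed_trusted", SPOOFED_TRUSTED), ("bulk", BULK)]:
        print(f"{name}: match={matches_rule(msg)}")
    print("redirect target:", redirect_target(REDIRECTOR))
```

The `BULK` case shows why the unique-link ceiling exists: a message with ten or more distinct api.spently.com links looks like a legitimate bulk mailing that tracks every link, and the rule leaves it to other detections. `redirect_target` is the value an analyst would pivot on when triaging a hit.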
Categories
  • Web
  • Cloud
  • Network
Data Sources
  • User Account
  • Network Traffic
  • Web Credential
Created: 2025-02-06