
Open Redirect: shoppingwebapi.didatravel.com

Sublime Rules

Summary
This detection rule identifies potential abuse of an open redirect on the domain 'shoppingwebapi.didatravel.com', which has been actively exploited in the wild. The rule inspects the links in incoming messages and checks specific criteria in the URL structure: the path must start with '/Analytics/Marketing' and the query string must carry an 'rdu=' parameter naming the redirect destination. It additionally requires that the redirect destination is not a trusted domain. The rule also validates the sender's email domain against a list of high-trust domains, taking the message's DMARC authentication status into account. This combination of URL and sender analysis helps detect credential phishing and malware delivery attempts that exploit the open redirect.
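The detection logic described above, as an added Python example that is not the Sublime rule's own MQL; the trusted-domain list, the high-trust sender list, and the message dictionary layout are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed lists for this example; the real rule's trusted and high-trust
# sender domain lists are not reproduced here.
OPEN_REDIRECT_HOST = "shoppingwebapi.didatravel.com"
REDIRECT_PATH_PREFIX = "/Analytics/Marketing"
REDIRECT_PARAM = "rdu"
TRUSTED_DOMAINS = {"didatravel.com", "microsoft.com"}
HIGH_TRUST_SENDER_DOMAINS = {"microsoft.com", "paypal.com"}


def root_domain(host: str) -> str:
    # Approximate the registrable domain as the last two labels (no PSL lookup).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_abused_redirect(href: str) -> bool:
    # True when the link uses the didatravel redirect to reach an untrusted host.
    url = urlparse(href)
    if url.hostname != OPEN_REDIRECT_HOST or not url.path.startswith(REDIRECT_PATH_PREFIX):
        return False
    targets = parse_qs(url.query).get(REDIRECT_PARAM)
    if not targets:
        return False  # no rdu= parameter, so nothing is redirected
    dest_host = urlparse(targets[0]).hostname
    # A relative or malformed target has no host that can be verified as trusted.
    return dest_host is None or root_domain(dest_host) not in TRUSTED_DOMAINS


def sender_is_exempt(sender_domain: str, dmarc_pass: bool) -> bool:
    # A high-trust sender is exempt only if DMARC actually passed; a spoofed
    # high-trust domain that fails DMARC still gets evaluated.
    return root_domain(sender_domain) in HIGH_TRUST_SENDER_DOMAINS and dmarc_pass


def evaluate(message: dict) -> list:
    # Return the abused redirect links in a message; an empty list means no alert.
    if sender_is_exempt(message["sender_domain"], message["dmarc_pass"]):
        return []
    return [href for href in message["links"] if is_abused_redirect(href)]


# Constructed sample message (not real traffic).
PHISH = {
    "sender_domain": "notify.example",
    "dmarc_pass": False,
    "links": [
        "https://shoppingwebapi.didatravel.com/Analytics/Marketing?rdu=https://login.evil.example/o365",
        "https://www.didatravel.com/help",
    ],
}
```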
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Network Traffic
Created: 2025-02-04