
Open redirect: Slack

Sublime Rules

Summary
This detection rule identifies potentially malicious messages that use Slack's open redirect feature. It triggers when an inbound message contains links to 'slack-redir.net' but is sent from an address that does not belong to a recognized trusted domain such as 'atlassian.net', 'slack.com', or 'soundtrap.com'. Specifically, the rule checks that the message contains fewer than 10 links and that at least one link carries a query parameter indicating a redirect through the Slack service. The sender allow-list keeps legitimate Slack notification traffic from matching, while the link-count ceiling keeps the rule focused on targeted lures rather than bulk mail. This mechanism mitigates attacks that abuse open redirects to send users to phishing sites or malicious payloads associated with credential theft and malware distribution.
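The rule's conditions as a standalone Python check run over constructed sample messages, added here as an illustration and not the Sublime rule's own MQL; the message fields, the `url` parameter name, the subdomain handling and every address and link below are assumptions:

```python
from urllib.parse import urlparse, parse_qs

# Constructed message shape: "sender" (From), "links" (body URLs), "inbound" (direction).
TRUSTED_SENDER_DOMAINS = {"atlassian.net", "slack.com", "soundtrap.com"}
REDIRECT_HOST = "slack-redir.net"
MAX_LINKS = 10
REDIRECT_PARAM = "url"  # assumption: query parameter carrying the redirect target

def _host_in(host, domains):
    # Exact match or subdomain, case-insensitive, ignoring a trailing dot.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def sender_is_trusted(address):
    return _host_in(address.rsplit("@", 1)[-1], TRUSTED_SENDER_DOMAINS)

def slack_redirect_target(link):
    # Return the redirect destination if link is a slack-redir.net redirect, else None.
    parsed = urlparse(link)
    if not parsed.hostname or not _host_in(parsed.hostname, {REDIRECT_HOST}):
        return None
    targets = parse_qs(parsed.query).get(REDIRECT_PARAM)
    return targets[0] if targets else None

def matches_rule(message):
    # The rule's conditions: inbound, sender outside the allow-list,
    # fewer than 10 links, and at least one link that is a Slack redirect.
    if not message.get("inbound", False):
        return False
    if sender_is_trusted(message["sender"]):
        return False
    links = message.get("links", [])
    if len(links) >= MAX_LINKS:
        return False
    return any(slack_redirect_target(link) is not None for link in links)

# Constructed sample messages; the domains below are placeholders.
SAMPLES = {
    "external_redirect": {"inbound": True, "sender": "it-support@example.org",
        "links": ["https://slack-redir.net/link?url=https://login.example.test/"]},
    "trusted_sender": {"inbound": True, "sender": "feedback@slack.com",
        "links": ["https://slack-redir.net/link?url=https://slack.com/help"]},
    "no_redirect_param": {"inbound": True, "sender": "news@example.org",
        "links": ["https://slack-redir.net/"]},
    "link_flood": {"inbound": True, "sender": "news@example.org",
        "links": ["https://slack-redir.net/link?url=https://x.test/%d" % i for i in range(12)]},
}

def evaluate_samples():
    return {name: matches_rule(msg) for name, msg in SAMPLES.items()}
```

Only the first sample matches: the second is from an allow-listed sender, the third has no redirect parameter, and the fourth exceeds the link ceiling.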
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Web Credential
Created: 2021-02-19