Open redirect: Dell

Sublime Rules

Summary
This detection rule identifies potential phishing attempts that abuse an open redirect on a Dell-operated host, where the sender is not an authorized Dell domain. The rule triggers when an incoming message contains a link to 't.em.home.dell.com' whose URI path matches '/r/', which indicates a redirect. For the rule to fire, the sender's email domain must not belong to the trusted Dell domains (such as 'dell.com' or 'dell.ca'). The rule also incorporates sender profile analysis, so it flags messages that are unsolicited or that come from senders marked as malicious or spam with no prior false positives. A further filter exempts highly trusted sender domains unless the message fails DMARC authentication. Together, these conditions reduce exposure to credential phishing and malware/ransomware delivery by scrutinizing both the sender's history and the URLs the message carries.
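The following Python is an added illustration of the logic described above; it is not the Sublime rule's own source (which is written in Sublime's query language and not reproduced on this page). The host 't.em.home.dell.com', the '/r/' path prefix and the trusted domains 'dell.com' and 'dell.ca' come from the summary; the message field names, the sender-profile labels ("new", "malicious", "spam", "known") and the sample messages are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlparse

# Values taken from the rule description on this page.
REDIRECT_HOST = "t.em.home.dell.com"
REDIRECT_PATH_PREFIX = "/r/"
TRUSTED_DELL_DOMAINS = {"dell.com", "dell.ca"}

# Simple URL extractor for message bodies (constructed helper, not Sublime's).
URL_RE = re.compile(r"https?://[^\s<>\"']+")


@dataclass
class Message:
    """Minimal stand-in for the message fields the rule inspects.

    Field names and profile labels are assumptions for this example,
    not Sublime's message schema."""
    sender_domain: str              # domain of the From address
    body: str                       # message body from which links are extracted
    sender_profile: str             # "new" (unsolicited), "malicious", "spam" or "known"
    prior_false_positives: bool = False
    high_trust_sender_domain: bool = False
    dmarc_pass: bool = True
    links: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Extract links from the body once so the checks below can reuse them.
        self.links = URL_RE.findall(self.body)


def is_dell_open_redirect(url: str) -> bool:
    """True when the URL's host is the Dell tracking host and its path starts with '/r/'.

    Parsing the URL (rather than substring matching) means a lookalike URL that
    merely mentions the Dell host in its query string does not match."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return host == REDIRECT_HOST and parsed.path.startswith(REDIRECT_PATH_PREFIX)


def sender_is_dell(domain: str) -> bool:
    """Exact match or subdomain of a trusted Dell domain (subdomain handling is an assumption)."""
    d = domain.lower()
    return any(d == t or d.endswith("." + t) for t in TRUSTED_DELL_DOMAINS)


def sender_profile_suspicious(msg: Message) -> bool:
    """Unsolicited sender, or one marked malicious/spam without prior false positives."""
    if msg.sender_profile == "new":
        return True
    return msg.sender_profile in ("malicious", "spam") and not msg.prior_false_positives


def rule_matches(msg: Message) -> bool:
    """Apply the conditions from the rule summary in order; all must hold."""
    if not any(is_dell_open_redirect(u) for u in msg.links):
        return False                                    # no Dell redirect link present
    if sender_is_dell(msg.sender_domain):
        return False                                    # legitimate Dell sender
    if not sender_profile_suspicious(msg):
        return False                                    # established, clean sender history
    if msg.high_trust_sender_domain and msg.dmarc_pass:
        return False                                    # trusted domain, DMARC passed
    return True


# Constructed sample messages (not real traffic).
REDIRECT_URL = "https://t.em.home.dell.com/r/?id=EXAMPLE-TRACKING-ID"
SAMPLES: Dict[str, Message] = {
    # Unknown sender, Dell redirect link: should alert.
    "phish_new_sender": Message("mail.example.net", f"Review your invoice: {REDIRECT_URL}", "new"),
    # Genuine Dell marketing mail using its own tracking host: should not alert.
    "legit_dell": Message("em.dell.com", f"Your order has shipped {REDIRECT_URL}", "known"),
    # Trusted partner domain, DMARC passes: exempt.
    "trusted_dmarc_pass": Message("partner.example.org", REDIRECT_URL, "new",
                                  high_trust_sender_domain=True, dmarc_pass=True),
    # Same trusted domain but DMARC fails (possible spoof): exemption removed.
    "trusted_dmarc_fail": Message("partner.example.org", REDIRECT_URL, "new",
                                  high_trust_sender_domain=True, dmarc_pass=False),
    # Link only mentions the host in a query string: not the Dell redirect.
    "lookalike_query": Message("mail.example.net",
                               "https://cdn.example.net/?u=t.em.home.dell.com/r/", "new"),
}


def evaluate_samples() -> Dict[str, bool]:
    """Run the rule over every constructed sample and report which ones match."""
    return {name: rule_matches(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:22s} -> {'ALERT' if hit else 'pass'}")
```

The ordering of checks mirrors the summary: the URL condition is evaluated first so that the cheaper, high-signal test gates everything else, and the DMARC clause is applied last so that a trusted domain is only exempted when authentication actually succeeds.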
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2024-09-11