Open Redirect: obunsha.co.jp

Sublime Rules

Summary
This detection rule identifies inbound messages that contain URLs from Obunsha's passnavi redirect service, which has been known to facilitate phishing attacks by redirecting users to potentially harmful websites. The rule inspects links whose domain is 'passnavi.obunsha.co.jp', whose path contains '/ct.html', and whose parameters indicate a redirect to another URI, and it requires that the redirect does not lead back to any Obunsha domain. Messages from trusted Obunsha sender domains are excluded unless they fail DMARC authentication checks. This keeps detection focused on abuse of the redirect while excluding legitimate internal communications.
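The logic described in this summary, sketched in Python as an added example; it is not the Sublime rule's source, which this page does not show. The message fields, the `uri` parameter name in the sample links, and the treatment of every `obunsha.co.jp` subdomain as an Obunsha domain are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

REDIRECTOR = "passnavi.obunsha.co.jp"
ORG_DOMAIN = "obunsha.co.jp"  # assumption: "Obunsha domains" = this domain and its subdomains

def in_org(host):
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def external_redirect_target(url):
    """Return the off-site target of a passnavi /ct.html redirect link, else None."""
    try:
        parts = urlsplit(url)
        if (parts.hostname or "").lower() != REDIRECTOR or "/ct.html" not in parts.path:
            return None
        # Parameter name is not given on the page: accept any parameter whose
        # decoded value is an absolute http(s) URI (assumption).
        for _name, value in parse_qsl(parts.query):
            target = urlsplit(value)
            if target.scheme in ("http", "https") and target.hostname and not in_org(target.hostname):
                return value
    except ValueError:  # malformed URL
        return None
    return None

def rule_matches(msg):
    """msg is a hypothetical dict: direction, sender, dmarc_pass, links."""
    if msg["direction"] != "inbound":
        return False
    sender_domain = msg["sender"].rsplit("@", 1)[-1]
    if in_org(sender_domain) and msg["dmarc_pass"]:
        return False  # trusted sender that passed DMARC
    return any(external_redirect_target(u) for u in msg["links"])

# Constructed sample data (not real traffic).
OFFSITE = "https://passnavi.obunsha.co.jp/ct.html?uri=https%3A%2F%2Flogin.example.net%2Fa"
ONSITE = "https://passnavi.obunsha.co.jp/ct.html?uri=https%3A%2F%2Fwww.obunsha.co.jp%2F"
SAMPLES = [
    {"direction": "inbound", "sender": "a@example.org", "dmarc_pass": True, "links": [OFFSITE]},
    {"direction": "inbound", "sender": "news@obunsha.co.jp", "dmarc_pass": True, "links": [OFFSITE]},
    {"direction": "inbound", "sender": "news@obunsha.co.jp", "dmarc_pass": False, "links": [OFFSITE]},
    {"direction": "inbound", "sender": "a@example.org", "dmarc_pass": True, "links": [ONSITE]},
]

if __name__ == "__main__":
    print([rule_matches(m) for m in SAMPLES])
```

The suffix check in `in_org` compares on a label boundary, so a lookalike host such as `obunsha.co.jp.example.net` is still treated as an external target.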
Categories
  • Web
  • Endpoint
  • Identity Management
Data Sources
  • User Account
  • Network Traffic
Created: 2025-03-18