
Summary
This detection rule identifies open redirect abuse associated with the domain magic4media.com. Open redirects let an attacker send users to an arbitrary site through a link on a legitimate domain, which is commonly exploited for credential phishing or malware delivery.

The rule analyzes inbound messages for links on the magic4media.com domain and checks for a query parameter named r (the redirect target). It flags cases where the value of that parameter does not match a trusted format that would affirm its safety, which identifies potential exploitation attempts. To reduce false positives, the rule excludes well-trusted sender domains unless the message fails DMARC authentication, so spoofed mail from those domains is still evaluated for links to magic4media.com.

This logic detects a technique commonly used in credential phishing and malware deployment and helps keep users from navigating to potentially harmful sites.
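The following is an added Python illustration of the checks described above, not the rule's own code: the trusted sender list, the "trusted format" for the r= value (an absolute http(s) URL whose host is on an allowlist) and the sample links are all assumptions constructed for this example.

```python
from urllib.parse import urlparse, parse_qs

REDIRECT_DOMAIN = "magic4media.com"
# Hypothetical allowlist of trusted sender domains (the rule's real list is not on the page).
TRUSTED_SENDER_DOMAINS = {"example-partner.com"}
# Hypothetical "trusted format": the r= target must be an absolute URL to one of these hosts.
TRUSTED_REDIRECT_HOSTS = {"magic4media.com", "www.magic4media.com"}


def redirect_target_is_trusted(r_value: str) -> bool:
    """Assumed trusted format: r= is an absolute http(s) URL whose host is allowlisted."""
    target = urlparse(r_value)
    return target.scheme in ("http", "https") and target.hostname in TRUSTED_REDIRECT_HOSTS


def is_suspicious_link(url: str) -> bool:
    """True when the link is on magic4media.com, carries an r= parameter, and r= is not trusted."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host != REDIRECT_DOMAIN and not host.endswith("." + REDIRECT_DOMAIN):
        return False
    r_values = parse_qs(parsed.query).get("r")
    if not r_values:
        return False  # no redirect parameter, nothing to abuse here
    return not all(redirect_target_is_trusted(v) for v in r_values)


def evaluate_message(sender_domain: str, dmarc_pass: bool, links: list[str]) -> list[str]:
    """Return the links to flag; trusted senders are exempt only while DMARC passes."""
    if sender_domain.lower() in TRUSTED_SENDER_DOMAINS and dmarc_pass:
        return []
    return [u for u in links if is_suspicious_link(u)]


# Constructed sample links from one inbound message (evil.example is a reserved test name).
SAMPLE_LINKS = [
    "https://magic4media.com/track?id=1&r=https://www.magic4media.com/news",
    "https://magic4media.com/track?id=2&r=https://evil.example/login",
    "https://magic4media.com/track?id=3",
    "https://other.example/?r=https://evil.example/login",
]

if __name__ == "__main__":
    print(evaluate_message("unknown-sender.example", False, SAMPLE_LINKS))
```

Only the second sample link is flagged: it is on magic4media.com, carries r=, and the target is not on the allowlist; the same message from a trusted sender is ignored only while DMARC passes.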
Categories
- Web
- Cloud
- Application
- Identity Management
Data Sources
- Web Credential
- Network Traffic
- Application Log
Created: 2025-01-28