Open Redirect: magneticmarketing.com

Sublime Rules

Summary
This detection rule identifies inbound messages that abuse an open redirect on the domain magneticmarketing.com. It matches messages containing links whose href_url.domain is "magneticmarketing.com" and whose path carries the tracking pattern "/_tracking/email_click/broadcast/", the link form seen in phishing attempts. It then checks the URL's query string for a 'url=' parameter, which is what turns the tracking link into a redirect to another destination. To reduce false positives, the sender's domain is compared against a pre-defined list of highly trusted sender domains; messages from those domains are excluded unless they fail DMARC authentication, so spoofed mail that claims a trusted domain is still flagged. Further filtering is available based on whether the sender's profile shows a pattern of spam or malicious activity. Together these checks target the credential phishing and malware delivery campaigns that rely on open redirect vulnerabilities.
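As an added illustration (not the rule's own source or Sublime's code), the following Python approximates the logic described above and runs it over constructed messages; the trusted-domain list, the message layout and the subdomain handling are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

ABUSED_DOMAIN = "magneticmarketing.com"
TRACKING_PATH_PREFIX = "/_tracking/email_click/broadcast/"
# Placeholder standing in for the rule's pre-defined list of highly trusted
# sender domains; the real list is not given on this page.
HIGH_TRUST_SENDER_DOMAINS = {"trusted-sender.example"}


def redirect_target(url):
    """Return the 'url=' destination if the link matches the pattern, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Assumption: href_url.domain matches the host itself or any subdomain of it.
    if host != ABUSED_DOMAIN and not host.endswith("." + ABUSED_DOMAIN):
        return None
    if not parts.path.startswith(TRACKING_PATH_PREFIX):
        return None
    targets = parse_qs(parts.query).get("url")  # redirect destination parameter
    return targets[0] if targets else None


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def rule_matches(message):
    """message: {'direction', 'sender', 'dmarc_pass', 'links': [...]} (assumed layout)."""
    if message["direction"] != "inbound":
        return False
    if not any(redirect_target(u) for u in message["links"]):
        return False
    # Negation: skip highly trusted senders, unless DMARC fails for them.
    if sender_domain(message["sender"]) in HIGH_TRUST_SENDER_DOMAINS and message["dmarc_pass"]:
        return False
    return True


# Constructed sample messages (not real traffic).
REDIRECT_LINK = ("https://magneticmarketing.com/_tracking/email_click/broadcast/"
                 "abc123?url=https%3A%2F%2Fphish.example%2Flogin")
SAMPLES = {
    "unknown_sender": {"direction": "inbound", "sender": "a@unknown.example",
                       "dmarc_pass": True, "links": [REDIRECT_LINK]},
    "trusted_dmarc_pass": {"direction": "inbound", "sender": "b@trusted-sender.example",
                           "dmarc_pass": True, "links": [REDIRECT_LINK]},
    "trusted_dmarc_fail": {"direction": "inbound", "sender": "b@trusted-sender.example",
                           "dmarc_pass": False, "links": [REDIRECT_LINK]},
}
```

Only the unknown-sender and DMARC-failing samples produce an alert; the trusted sender that passes DMARC is suppressed by the negation.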
Categories
  • Web
  • Endpoint
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2024-10-08