Open Redirect: agena-smile.com

Sublime Rules

Summary
This detection rule targets the exploitation of an open redirect on the domain agena-smile.com, a tactic known to be used in phishing attacks. The rule inspects inbound messages for links that contain the agena-smile.com domain, specifically checking for the presence of the 'wptouch_switch' query parameter and the 'redirect=' keyword. To reduce false positives, the rule also checks that the sender's email domain does not match agena-smile.com, and it includes an exception for trusted sender domains that fail DMARC authentication. This approach minimizes alerts from legitimate sources while flagging phishing attempts that leverage the open redirect.
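The detection logic described in the summary, as an added Python example that is not the Sublime rule itself; the Message fields, the trusted-domain list and the sample links are constructed assumptions:

```python
"""Toy re-implementation of the open-redirect detection described above.

Added illustration, not the Sublime rule. The Message structure, the
TRUSTED_SENDER_DOMAINS set and the sample links are constructed.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

TARGET_DOMAIN = "agena-smile.com"
# Constructed stand-in for an org-maintained list of high-trust sender domains.
TRUSTED_SENDER_DOMAINS = {"example-partner.com"}

# Constructed sample link in the shape the rule looks for.
PHISH_LINK = (
    "https://agena-smile.com/?wptouch_switch=desktop"
    "&redirect=https://phish.example/login"
)


@dataclass
class Message:
    sender_domain: str                  # root domain of the From address
    dmarc_pass: bool                    # DMARC result recorded for the message
    links: list[str] = field(default_factory=list)


def is_suspicious_link(url: str) -> bool:
    """True when a link matches the agena-smile.com open-redirect pattern."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lowercases the host
    if host != TARGET_DOMAIN and not host.endswith("." + TARGET_DOMAIN):
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    return "wptouch_switch" in query and "redirect=" in url


def matches_rule(msg: Message) -> bool:
    """Link check plus the two sender-side negations from the summary."""
    if not any(is_suspicious_link(u) for u in msg.links):
        return False
    # Mail actually sent from agena-smile.com is not flagged.
    if msg.sender_domain == TARGET_DOMAIN:
        return False
    # Trusted senders are suppressed, except when they fail DMARC.
    if msg.sender_domain in TRUSTED_SENDER_DOMAINS and msg.dmarc_pass:
        return False
    return True
```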
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • Web Credential
  • Process
  • Network Traffic
Created: 2025-03-18