Open Redirect: unitedwaynwvt.org

Sublime Rules

Summary
This detection rule identifies potential open redirect vulnerabilities associated with the domain 'unitedwaynwvt.org'. An open redirect occurs when a web application accepts user-controllable input that specifies a URL and redirects to it, which can expose users to phishing attacks and the distribution of malware. The rule examines inbound messages for links that point to the subdomain 'ebusiness.unitedwaynwvt.org', carry query parameters containing the string 'F=', and do not match a specific regex pattern for redirection back to the domain itself. Additionally, it excludes messages from high-trust sender domains that have failed DMARC authentication, thereby narrowing down potential malicious activities while accounting for legitimate communications. This approach mitigates the risk of unintended alerts from trusted sources.
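The link conditions described above can be approximated as follows. This is an added example, not the rule's own source: it assumes `F` is a query parameter name whose value is the redirect target, the function names and sample URLs (including the `/placeholder` path) are constructed, and the sender-trust and DMARC conditions are not modelled.

```python
from urllib.parse import urlsplit, parse_qsl

REDIRECTOR_HOST = "ebusiness.unitedwaynwvt.org"   # subdomain named in the summary
ROOT_DOMAIN = "unitedwaynwvt.org"


def _on_site(host):
    """True if host is the organisation's root domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == ROOT_DOMAIN or host.endswith("." + ROOT_DOMAIN)


def link_is_suspicious(url):
    """Flag a link that uses the redirector host with an off-site F= target."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False                      # not a parseable link at all
    if (parts.hostname or "").lower() != REDIRECTOR_HOST:
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "F":                   # assumption: F is the parameter name
            continue
        # parse_qsl has already percent-decoded the value; normalise backslashes
        # so "\\host" style targets are parsed like "//host".
        try:
            target = urlsplit(value.replace("\\", "/"))
        except ValueError:
            return True                   # unparseable target is not provably on-site
        if target.hostname is None:
            continue                      # relative path: stays on the same site
        if not _on_site(target.hostname):
            return True
    return False


def flag_links(urls):
    """Return the subset of urls that meet the link conditions."""
    return [u for u in urls if link_is_suspicious(u)]


# Constructed sample links (not taken from real messages).
SAMPLE_LINKS = [
    "https://ebusiness.unitedwaynwvt.org/placeholder?F=https://login.example.test/a",
    "https://ebusiness.unitedwaynwvt.org/placeholder?F=https://www.unitedwaynwvt.org/give",
    "https://ebusiness.unitedwaynwvt.org/placeholder?F=/donate",
    "https://ebusiness.unitedwaynwvt.org/placeholder?id=7",
]

if __name__ == "__main__":
    print(flag_links(SAMPLE_LINKS))
```

Only the first sample is flagged; the others either return to the organisation's own domain, use a relative path, or carry no `F` parameter.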
Categories
  • Web
  • Cloud
  • Endpoint
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2025-02-04