
Summary
Technical detection rule for inbound messages that contain a link to mailtrack.ksd.or.kr/TMS/tracking. The rule checks for a link with this domain and path, verifies that the decoded query contains a url parameter, and then analyzes the target URL specified by that parameter. If the destination’s root domain is external to mailtrack.ksd.or.kr, the rule triggers. This captures open redirect attempts that abuse the legitimate tracking infrastructure to redirect users to external sites, potentially evading controls. The intent is to detect phishing or fraud attempts that rely on trusted-looking tracking domains to lure recipients into credential theft or similar abuse. The detection method is URL analysis, focusing on link structure, query parameters, and cross-domain resolution. The rule is categorized as Open Redirect and Evasion, with associated attack types Credential Phishing and BEC/Fraud.
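The check described above, sketched in Python as an added example (this is not the rule's own source). It assumes "external" means the destination's registrable domain differs from ksd.or.kr, uses a small constructed suffix set in place of the Public Suffix List, and runs on constructed sample links.

```python
from urllib.parse import urlsplit, parse_qs

TRACK_HOST = "mailtrack.ksd.or.kr"
TRACK_PATH = "/TMS/tracking"
# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
TWO_LABEL_SUFFIXES = {"or.kr", "co.kr", "co.uk"}

def root_domain(host):
    """Registrable domain of host, using the small suffix set above."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def is_open_redirect(link):
    """True when a tracking link's url= target leaves the tracker's root domain."""
    parts = urlsplit(link)
    if (parts.hostname or "").lower() != TRACK_HOST:
        return False
    if not parts.path.startswith(TRACK_PATH):
        return False
    # parse_qs percent-decodes values, giving the "decoded query" view.
    for target in parse_qs(parts.query).get("url", []):
        try:
            # Scheme-less targets ("example.com/x") still need a netloc to parse.
            dest = urlsplit(target if "//" in target else "//" + target)
        except ValueError:
            continue  # malformed target, nothing to compare
        if dest.hostname and root_domain(dest.hostname) != root_domain(TRACK_HOST):
            return True
    return False

# Constructed sample links, not taken from real traffic.
SAMPLES = [
    "https://mailtrack.ksd.or.kr/TMS/tracking?id=1&url=https%3A%2F%2Flogin.example.com%2Fauth",
    "https://mailtrack.ksd.or.kr/TMS/tracking?url=https%3A%2F%2Fwww.ksd.or.kr%2Fnotice",
    "https://mailtrack.ksd.or.kr/TMS/tracking?id=1",
    "https://example.org/TMS/tracking?url=https%3A%2F%2Flogin.example.com",
]

def flagged(links):
    """Subset of links that would trigger the rule."""
    return [l for l in links if is_open_redirect(l)]

if __name__ == "__main__":
    for link in SAMPLES:
        print(is_open_redirect(link), link)
```

Only the first sample triggers: the second stays inside ksd.or.kr, the third has no url parameter, and the fourth is not on the tracking host.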
Categories
- Web
Data Sources
- Web Credential
Created: 2026-06-05