
Summary
This rule detects abuse of the Xfinity CMP (Consent Management Platform) redirection service, specifically links from untrusted senders that redirect to Google AMP (Accelerated Mobile Pages). The detection inspects the "targetURL" parameter of each URL, which in the abusive case contains a path pointing to Google AMP. It considers only links from senders whose email domains are not associated with Xfinity or Comcast, and then checks whether those senders are unsolicited or have a history of sending malicious or spam messages. If a sender belongs to a high-trust domain but fails DMARC authentication, the rule also applies. By combining header analysis, URL analysis, and sender reputation, the rule flags potentially harmful redirections and helps prevent credential phishing.
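The following is an added example, not the rule's own query language or code, modelling the decision logic described in the summary in Python. The redirector host (`cmp.example-xfinity.invalid`), the sender-reputation fields (`unsolicited`, `malicious_history`, `high_trust`) and the message dictionaries are constructed assumptions; the Google AMP check uses the well-known `google.com/amp/` cache path form.

```python
# Added example (not the rule's own code): a toy model of the detection logic
# described in the summary. The redirector host and reputation inputs are
# constructed assumptions; only the google.com/amp/ path form is a known fact.
from urllib.parse import parse_qs, urlparse

FIRST_PARTY_DOMAINS = {"xfinity.com", "comcast.com", "comcast.net"}
# Assumed host for the consent-management redirector; the page names none.
CMP_REDIRECT_HOSTS = {"cmp.example-xfinity.invalid"}


def is_google_amp(url: str) -> bool:
    """True when the URL points into Google's AMP cache (google.com/amp/...)."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    on_google = host == "google.com" or host.endswith(".google.com")
    return on_google and p.path.lower().startswith("/amp/")


def amp_redirect_targets(urls):
    """Return every targetURL value that sends a CMP redirect click into Google AMP."""
    hits = []
    for url in urls:
        p = urlparse(url)
        if (p.hostname or "").lower() not in CMP_REDIRECT_HOSTS:
            continue
        # parse_qs percent-decodes the embedded target for us.
        for target in parse_qs(p.query).get("targetURL", []):
            if is_google_amp(target):
                hits.append(target)
    return hits


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def rule_matches(msg: dict) -> bool:
    """Apply the rule: AMP-bound CMP redirect from an untrusted or unauthenticated sender."""
    if not amp_redirect_targets(msg["urls"]):
        return False
    if sender_domain(msg["sender"]) in FIRST_PARTY_DOMAINS:
        return False                      # Xfinity/Comcast senders are out of scope
    rep = msg["sender_reputation"]        # constructed reputation inputs
    if rep.get("unsolicited") or rep.get("malicious_history"):
        return True
    dmarc_fail = msg["headers"].get("dmarc", "").lower() == "fail"
    return bool(rep.get("high_trust") and dmarc_fail)


# Constructed sample messages (not real traffic).
AMP_REDIRECT = ("https://cmp.example-xfinity.invalid/redirect?"
                "targetURL=https%3A%2F%2Fwww.google.com%2Famp%2Fs%2Fexample.test%2Flogin")
PLAIN_REDIRECT = "https://cmp.example-xfinity.invalid/redirect?targetURL=https%3A%2F%2Fexample.test%2Fpage"

SAMPLES = {
    "unsolicited_amp": {"sender": "billing@mailer-example.test", "urls": [AMP_REDIRECT],
                        "sender_reputation": {"unsolicited": True}, "headers": {"dmarc": "pass"}},
    "first_party": {"sender": "news@xfinity.com", "urls": [AMP_REDIRECT],
                    "sender_reputation": {"unsolicited": True}, "headers": {"dmarc": "pass"}},
    "trusted_dmarc_pass": {"sender": "alerts@bigbank.example", "urls": [AMP_REDIRECT],
                           "sender_reputation": {"high_trust": True}, "headers": {"dmarc": "pass"}},
    "trusted_dmarc_fail": {"sender": "alerts@bigbank.example", "urls": [AMP_REDIRECT],
                           "sender_reputation": {"high_trust": True}, "headers": {"dmarc": "fail"}},
    "no_amp_target": {"sender": "billing@mailer-example.test", "urls": [PLAIN_REDIRECT],
                      "sender_reputation": {"unsolicited": True}, "headers": {"dmarc": "pass"}},
}


def evaluate_samples() -> dict:
    """Run the rule over the constructed samples and return name -> verdict."""
    return {name: rule_matches(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:20s} -> {'FLAG' if verdict else 'pass'}")
```

The sender-domain exclusion is applied before the reputation checks, mirroring the summary's order; a production rule would also want the redirector's real host list and the platform's own reputation signals in place of the constructed fields.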
Categories
- Web
- Cloud
- Infrastructure
Data Sources
- Web Credential
- Network Traffic
Created: 2025-01-03