
Summary
Detects inbound emails containing a Mimecast URL redirect with an unusually long path, indicating potential abuse of Mimecast's URL redirection to obfuscate the final malicious destination. The rule scans email body links for an href_url whose root_domain includes mimecast, whose path starts with /r/ (the Mimecast redirect pattern), and whose path length exceeds 2000 characters. When these conditions are met, the detection fires with high severity. This pattern supports threat scenarios involving credential phishing and malware delivery via open redirects, where attackers leverage trusted redirect services to evade basic URL filtering and mask their ultimate target. The method relies on URL analysis of inbound content and domain-based checks to reduce false positives from benign redirects. Signals to correlate include additional phishing cues and outbound indicators. The rule is best used as part of a multi-factor inspection workflow (e.g., attachment analysis, user context, and reputation data) to confirm malicious intent and reduce false positives involving legitimate Mimecast redirects or misconfigured links.
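The matching logic described above, sketched in Python as an added example; it is not the rule's own source. The function names, the two-label root-domain approximation, and the sample hostnames are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_PATH_LEN = 2000  # threshold stated in the rule summary


class HrefCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def root_domain(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.rstrip(".").split(".")[-2:])


def is_long_mimecast_redirect(url, max_path_len=MAX_PATH_LEN):
    """True when all three conditions from the summary hold for one link."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return ("mimecast" in root_domain(host)
            and parts.path.startswith("/r/")
            and len(parts.path) > max_path_len)


def flagged_links(html_body):
    collector = HrefCollector()
    collector.feed(html_body)
    return [u for u in collector.hrefs if is_long_mimecast_redirect(u)]


# Constructed sample body: hostnames and paths are made up for illustration.
SAMPLE_BODY = "".join([
    '<a href="https://links.mimecast.com/r/' + "A" * 2100 + '">Invoice</a>',
    '<a href="https://links.mimecast.com/r/short-token">Report</a>',
    '<a href="https://links.mimecast.com/s/' + "B" * 2100 + '">Portal</a>',
    '<a href="https://cdn.example.com/r/' + "C" * 2100 + '">Docs</a>',
])
```

Only the first link in the sample is flagged: the second is too short, the third lacks the /r/ prefix, and the fourth is not on a Mimecast root domain.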
Categories
- Web
Data Sources
- Domain Name
Created: 2026-04-09