
Summary
This detection rule identifies potential open redirect abuse involving the domain 'designsori.com'. It targets email messages containing links to that domain whose path includes 'redirect.php' and whose query string carries an external URL, the pattern of an open redirect being used to bounce a recipient from a legitimate-looking hostname to an attacker-controlled destination. The rule triggers if any link in the message body matches these conditions. To limit false positives, it checks the sender's email domain against a list of high-trust domains and suppresses the alert only when the sender is on that list and the message passes DMARC authentication; a trusted domain alone is not enough, since the From domain can be spoofed. The rule is aimed at credential phishing and malware delivery that rely on open redirection to hide the final destination from the recipient and from URL reputation checks.
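The detection logic described above, run over constructed sample messages, as an added example that is not the vendor's rule code. It assumes the high-trust domain list, the sample messages and the link-extraction regex are constructed for illustration, that the DMARC verdict is read from an Authentication-Results header (real platforms expose it differently), and, because the page does not name the redirect parameter, it treats any query key or value that parses as an http(s) URL on a host other than designsori.com as an external redirect.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

# Assumption: a constructed high-trust list standing in for the rule's real list.
HIGH_TRUST_DOMAINS = {"example.com", "trusted-partner.example"}
TARGET_DOMAIN = "designsori.com"
# Crude link extractor for plain-text bodies; good enough for the sample messages.
LINK_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)


def is_external_redirect(url: str) -> bool:
    """True if url is on designsori.com, its path contains redirect.php, and any
    query key or value is an http(s) URL whose host is not designsori.com."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host != TARGET_DOMAIN and not host.endswith("." + TARGET_DOMAIN):
        return False
    if "redirect.php" not in p.path.lower():
        return False
    qs = parse_qs(p.query, keep_blank_values=True)  # also keeps '?https://...' forms
    candidates = list(qs.keys()) + [v for vs in qs.values() for v in vs]
    for cand in candidates:
        t = urlparse(cand)
        if t.scheme in ("http", "https") and t.hostname and t.hostname.lower() != TARGET_DOMAIN:
            return True
    return False


def sender_domain(msg) -> str:
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def dmarc_passed(msg) -> bool:
    # Assumption: the verdict comes from Authentication-Results (RFC 8601) headers
    # added by the receiving MTA; only a header you control is trustworthy here.
    return any(re.search(r"\bdmarc=pass\b", h, re.IGNORECASE)
               for h in msg.get_all("Authentication-Results", []))


def evaluate(raw: str) -> dict:
    """Apply the rule: alert when a matching link exists and the sender is not
    (high-trust AND DMARC pass)."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        body = "".join(part.get_payload() for part in msg.walk()
                       if part.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    hits = [u for u in LINK_RE.findall(body) if is_external_redirect(u)]
    trusted = sender_domain(msg) in HIGH_TRUST_DOMAINS and dmarc_passed(msg)
    return {"matches": hits, "trusted_sender": trusted, "alert": bool(hits) and not trusted}


# Constructed sample messages (not real traffic).
PHISH = """From: "IT Support" <helpdesk@mail-notice.example>
To: user@example.com
Subject: Password expiry
Authentication-Results: mx.example.com; dmarc=fail header.from=mail-notice.example

Your password expires today. Review now:
https://designsori.com/redirect.php?url=https%3A%2F%2Flogin-reset.example%2Faccount
"""

TRUSTED = """From: "Partner News" <news@trusted-partner.example>
To: user@example.com
Subject: Newsletter
Authentication-Results: mx.example.com; dmarc=pass header.from=trusted-partner.example

Read this month's issue: https://designsori.com/redirect.php?url=https://trusted-partner.example/news
"""

# Same trusted From domain, but DMARC failed: the trust exemption must not apply.
FORGED = TRUSTED.replace("dmarc=pass", "dmarc=fail")

BENIGN = """From: "Designer" <hello@designsori.com>
To: user@example.com
Subject: Portfolio
Authentication-Results: mx.example.com; dmarc=pass header.from=designsori.com

See https://designsori.com/page.php?id=5 and https://designsori.com/redirect.php?url=/internal/page
"""

if __name__ == "__main__":
    for name, raw in [("PHISH", PHISH), ("TRUSTED", TRUSTED), ("FORGED", FORGED), ("BENIGN", BENIGN)]:
        print(name, evaluate(raw))
```

The trust exemption is deliberately conjunctive: the FORGED message reuses a high-trust From domain but fails DMARC, so it still alerts, which is the case the rule's safeguard exists to handle.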
Categories
- Web
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2025-01-28