
Summary
This rule detects potential phishing attempts that abuse an open redirect associated with BMW USA. The detection criterion evaluates incoming messages for cases where the sender's email domain does not belong to BMW (i.e., is neither 'bmw.com' nor 'bmwusa.com') while the message contains links that redirect through 't.msg.bmwusa.com'. Specifically, the message body must contain a link whose URL path matches the regular expression pattern that indicates an open redirect. Rated medium severity, the rule aims to mitigate the risk of credential phishing and malware delivery by flagging misleading redirections that could compromise user data. Evaluation consists of checking the sender's email domain and scrutinizing the URLs present in the message; when both conditions are met, an alert is raised to initiate further investigation.
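The following is an added illustration of the two-part check described above, written for this page and not taken from the rule itself or its vendor. It assumes the sender domain is read from the From header and that links are extracted from a plain-text body. The rule's actual open-redirect regex is not reproduced on the page, so the example substitutes a labelled stand-in that flags any 't.msg.bmwusa.com' path or query string that embeds an absolute http(s) URL (plain or percent-encoded), which is the usual shape of an open redirect. The sample messages are constructed for the demonstration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the page names as legitimate BMW senders.
TRUSTED_SENDER_DOMAINS = {"bmw.com", "bmwusa.com"}

# The redirect host named by the rule.
REDIRECT_HOST = "t.msg.bmwusa.com"

# ASSUMPTION: stand-in for the rule's real path regex, which is not on the page.
# It matches an embedded absolute http(s) URL, either literal ("https://")
# or percent-encoded ("https%3a%2f%2f"), anywhere in the path or query.
OPEN_REDIRECT_RE = re.compile(r"https?(?::|%3a)(?:/|%2f){2}", re.IGNORECASE)

# Simple URL extractor for a plain-text body; stops at whitespace and quotes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header."""
    _display_name, address = parseaddr(from_header)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def extract_links(body: str) -> list[str]:
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(body)


def is_suspicious_link(url: str) -> bool:
    """True if the link goes through the redirect host and its path/query
    matches the (assumed) open-redirect pattern."""
    parsed = urlparse(url)
    if parsed.hostname != REDIRECT_HOST:
        return False
    target_part = parsed.path + ("?" + parsed.query if parsed.query else "")
    return OPEN_REDIRECT_RE.search(target_part) is not None


def evaluate(message: dict) -> dict:
    """Apply the rule: non-BMW sender AND at least one suspicious redirect link."""
    domain = sender_domain(message["from"])
    suspicious = [u for u in extract_links(message["body"]) if is_suspicious_link(u)]
    matched = domain not in TRUSTED_SENDER_DOMAINS and len(suspicious) > 0
    return {"sender_domain": domain, "suspicious_links": suspicious, "matched": matched}


# Constructed sample messages (not real traffic).
SAMPLE_MESSAGES = [
    {   # legitimate sender using its own tracking links: not flagged
        "from": "BMW USA <promo@bmwusa.com>",
        "body": "Your offer: https://t.msg.bmwusa.com/r/?u=https://www.bmwusa.com/offers",
    },
    {   # spoofed display name, external sender, redirect to an external login page: flagged
        "from": "BMW USA <alerts@example.net>",
        "body": "Verify now: https://t.msg.bmwusa.com/r/?u=https://login.example.org/verify",
    },
    {   # external sender but an opaque tracking link with no embedded URL: not flagged
        "from": "news@example.net",
        "body": "Read more: https://t.msg.bmwusa.com/r/abc123",
    },
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(evaluate(msg))
```

The check deliberately inspects both the path and the query string, since redirect targets are commonly carried in a parameter; if the production rule is known to match only the path, narrow `target_part` accordingly. Percent-encoded schemes are covered because a decoded-only check is easy to bypass with a single round of encoding.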
Categories
- Web
- Identity Management
- Cloud
Data Sources
- User Account
- Network Traffic
- Application Log
Created: 2021-05-13