
Summary
This rule detects potential abuse of the redirect endpoint on `people.anuneo.com`, which has been misused by cybercriminals to facilitate credential phishing. It inspects inbound messages for the link pattern the redirection scheme produces: a message is flagged if it contains a link to `people.anuneo.com` with the path `/redir.php` and a query parameter whose value is itself a URL (the redirect destination). The rule also evaluates the sender's trustworthiness and checks whether the sender's past correspondence shows malicious patterns. Messages from high-trust sender domains are exempted only when they pass DMARC authentication, so a high-trust domain that fails DMARC is still scrutinized as a possible spoof. This multi-faceted approach aims to reduce false positives while effectively identifying phishing attempts that use this particular redirection tactic.
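As an added illustration of the logic the summary describes (example code written for this page, not the rule's own query language or any vendor's implementation), the Python below parses each link, matches the `people.anuneo.com` host, the `/redir.php` path and a query parameter whose decoded value is an `http(s)` URL, and then applies the sender gate. The high-trust domain list, the `Message` fields (`dmarc_pass`, `sender_has_malicious_history`), the way those signals are combined, and all sample messages are constructed assumptions for the demonstration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

REDIRECT_HOST = "people.anuneo.com"
REDIRECT_PATH = "/redir.php"

# Constructed stand-in for a high-trust sender list (assumption, not the rule's real list).
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"microsoft.com", "google.com"}


@dataclass
class Message:
    """Constructed message model: only the fields this example's logic needs."""
    sender_root_domain: str
    dmarc_pass: bool
    sender_has_malicious_history: bool
    links: list


def is_anuneo_redirect(link: str) -> bool:
    """True when the link is people.anuneo.com/redir.php and carries a query
    parameter whose (percent-decoded) value is itself an http(s) URL."""
    link = link.strip()
    parts = urlsplit(link)
    if not parts.netloc:                      # bare "host/path?..." links have no netloc
        parts = urlsplit("http://" + link)
    if (parts.hostname or "").lower() != REDIRECT_HOST:
        return False
    if parts.path.lower() != REDIRECT_PATH:
        return False
    # parse_qs percent-decodes values, so u=https%3A%2F%2F... is seen as a URL.
    for values in parse_qs(parts.query).values():
        if any(v.lower().startswith(("http://", "https://")) for v in values):
            return True
    return False


def sender_is_exempt(msg: Message) -> bool:
    """Assumed sender gate: a message is skipped only when the sender root domain
    is high-trust AND DMARC passed AND the sender has no malicious history.
    A high-trust domain that fails DMARC is a spoofing candidate and stays in scope."""
    return (
        msg.sender_root_domain.lower() in HIGH_TRUST_SENDER_ROOT_DOMAINS
        and msg.dmarc_pass
        and not msg.sender_has_malicious_history
    )


def should_flag(msg: Message) -> bool:
    """Flag when any link matches the redirect pattern and the sender is not exempt."""
    return any(is_anuneo_redirect(link) for link in msg.links) and not sender_is_exempt(msg)


# Constructed sample messages (no real sender or landing page is implied).
REDIR_LINK = "https://people.anuneo.com/redir.php?u=https%3A%2F%2Fphish.example%2Flogin"
SAMPLE_MESSAGES = [
    Message("unknown.example", True, False, [REDIR_LINK]),                    # 0: flagged
    Message("microsoft.com", True, False, [REDIR_LINK]),                      # 1: exempt, skipped
    Message("microsoft.com", False, False, [REDIR_LINK]),                     # 2: DMARC fail, flagged
    Message("unknown.example", True, False,
            ["https://people.anuneo.com/redir.php?id=123"]),                  # 3: no URL param
    Message("unknown.example", True, False,
            ["https://people.anuneo.com/other.php?url=https://phish.example"]),  # 4: wrong path
    Message("microsoft.com", True, True, [REDIR_LINK]),                       # 5: bad history, flagged
]


def flagged_indexes(messages=SAMPLE_MESSAGES) -> list:
    """Indexes of the messages the rule logic would flag."""
    return [i for i, m in enumerate(messages) if should_flag(m)]


if __name__ == "__main__":
    for i, m in enumerate(SAMPLE_MESSAGES):
        verdict = "FLAG" if should_flag(m) else "pass"
        print(f"{i}: {verdict:4} sender={m.sender_root_domain} dmarc={m.dmarc_pass} links={m.links}")
```

Running the script prints one verdict per sample; messages 0, 2 and 5 are flagged, while the high-trust sender that passes DMARC (1) and the links that lack a URL-valued parameter or use a different path (3, 4) are not. Decoding the query before matching matters in practice, since the redirect target is usually percent-encoded and a raw substring check for `http` in the query would be easy to evade with double encoding or a scheme-less target.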
Categories
- Web
- Identity Management
Data Sources
- User Account
- Network Traffic
- Application Log
- Web Credential
- Logon Session
Created: 2024-10-30