Open Redirect: PIRL San Diego

Sublime Rules

Summary
This rule detects attempts to exploit an open redirect on the domain pirlsandiego.net. It inspects the links in a message for URLs whose domain is pirlsandiego.net, whose path contains '/LinkClick.aspx' and whose query string contains 'link='. Such links send the recipient to an attacker-chosen destination, typically a credential-phishing or malware page, while the visible URL still belongs to a legitimate site. To limit false positives the rule also weighs sender reputation: a sender whose domain is on the high-trust sender domain list and whose message passes DMARC is ignored, unless that sender's messages have previously been flagged as malicious or spam. Combining sender analysis with URL analysis lets the rule flag credential phishing and malware delivery that abuse this redirect without alerting on routine mail from trusted senders.
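The following is an added illustration, written in Python, of the detection logic the summary describes; it is not the Sublime rule itself (which is written in Sublime's query language) and does not reproduce Sublime's high-trust sender list. The trusted domains, the sample messages and the phishing destination below are constructed for the example. The code extracts URLs from a message body, keeps only pirlsandiego.net links with a /LinkClick.aspx path and a link= parameter, pulls out the redirect destination for an analyst, and then applies the trusted-sender exception (suppress only when the sender domain is trusted, DMARC passes, and the sender has not already been flagged).

```python
"""Added example (not the Sublime rule): pirlsandiego.net LinkClick.aspx
open-redirect detection with a trusted-sender exception, run over
constructed sample messages."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlparse

TARGET_ROOT_DOMAIN = "pirlsandiego.net"

# Assumption: stand-in for the high-trust sender domain list the real rule
# consults; Sublime's actual list is not reproduced here.
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"example-bank.com", "example-saas.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class Message:
    sender_domain: str            # domain of the From: address
    dmarc_pass: bool              # DMARC result from the authentication headers
    body: str                     # message body containing links
    sender_flagged: bool = False  # sender previously seen sending malicious/spam mail


def root_domain(host: str) -> str:
    """Last two labels of a hostname. Simplification: production rules use a
    public-suffix list so that hosts under e.g. 'co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def extract_urls(body: str) -> List[str]:
    return URL_RE.findall(body)


def redirect_target(url: str) -> Optional[str]:
    """Return the destination carried in the link= parameter of a
    pirlsandiego.net /LinkClick.aspx URL, or None if the URL does not match.
    Host check uses the root domain, so 'pirlsandiego.net.evil.test' is rejected."""
    p = urlparse(url)
    if not p.hostname or root_domain(p.hostname) != TARGET_ROOT_DOMAIN:
        return None
    if "/linkclick.aspx" not in p.path.lower():
        return None
    params = parse_qs(p.query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() == "link":
            return values[0]
    return None


def matches_rule(msg: Message) -> bool:
    hits = [u for u in extract_urls(msg.body) if redirect_target(u) is not None]
    if not hits:
        return False
    # False-positive control: a high-trust sender domain that passes DMARC is
    # ignored unless that sender has already been flagged as malicious or spam.
    trusted = root_domain(msg.sender_domain) in HIGH_TRUST_SENDER_ROOT_DOMAINS
    if trusted and msg.dmarc_pass and not msg.sender_flagged:
        return False
    return True


# Constructed sample messages (not real traffic); the phishing host is invented.
REDIRECT_URL = ("https://www.pirlsandiego.net/LinkClick.aspx"
                "?link=https://login.example-phish.test/verify&tabid=36")
SAMPLES = {
    "unknown_sender": Message("mail.example-phish.test", False,
                              f"Please review your account: {REDIRECT_URL}"),
    "trusted_dmarc_pass": Message("example-bank.com", True,
                                  f"Statement ready: {REDIRECT_URL}"),
    "trusted_dmarc_fail": Message("example-bank.com", False,
                                  f"Statement ready: {REDIRECT_URL}"),
    "trusted_but_flagged": Message("example-bank.com", True,
                                   f"Statement ready: {REDIRECT_URL}", sender_flagged=True),
    "benign_site_link": Message("friend.example", False,
                                "Results at https://www.pirlsandiego.net/Results"),
    "lookalike_host": Message("mail.example-phish.test", False,
                              "https://pirlsandiego.net.evil.test/LinkClick.aspx?link=https://x.test"),
}


def evaluate_samples() -> dict:
    """Verdict per sample: True means the rule would fire."""
    return {name: matches_rule(m) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:22s} -> {'MATCH' if verdict else 'no match'}")
```

Two details matter when adapting this: match on the root domain of the link host rather than a substring, so lookalike hosts that merely contain "pirlsandiego.net" do not trigger, and keep the trusted-sender exception conditional on a DMARC pass, because a spoofed From: on a trusted domain is exactly the case the rule should still catch.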
Categories
  • Web
  • Network
  • Application
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2024-09-09