
Summary
This detection rule identifies potential open redirect attacks that abuse Artisteer's website, artisteer.com, to send recipients through a legitimate-looking link to an attacker-controlled destination. The rule inspects the hyperlinks in inbound messages for URLs whose domain is 'artisteer.com' and whose query string carries the 'redirect_url=' and 'p=affr' parameters, and it requires that the sender's domain is not 'artisteer.com', since mail from the site itself may legitimately carry such links. To limit noise, the rule fires only when the message is unsolicited or when the sender has a history of malicious or spam messages with no false positives recorded. Finally, it suppresses matches from highly trusted sender domains unless the message fails DMARC authentication, so that a spoofed message claiming a trusted domain is still flagged while authenticated mail from that domain is not.
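To make the summary's conditions concrete, the following is an added Python re-implementation of the detection logic, run over constructed sample messages that exercise the match and each suppression path. It is example code written for this page, not the rule's own query language or the vendor's code; the `Message` and `SenderProfile` fields, the trusted-domain list, and the requirement that both query parameters be present on the same link are assumptions.

```python
"""Added example: a Python re-implementation of the Artisteer open-redirect
detection logic described in the summary, run over constructed sample
messages. It is not the rule's own query language, and the message fields,
profile attributes and trusted-domain list are illustrative assumptions."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class SenderProfile:
    """Assumed sender-reputation fields the rule consults."""
    solicited: bool              # recipient has previously mailed this sender
    any_malicious_or_spam: bool  # sender has prior malicious/spam verdicts
    any_false_positives: bool    # any of those verdicts were marked false positive


@dataclass
class Message:
    sender_domain: str
    links: list[str]
    dmarc_pass: bool
    profile: SenderProfile


# Assumed stand-in for the rule's list of highly trusted sender root domains.
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"microsoft.com", "google.com"}


def root_domain(host: str) -> str:
    """Crude root-domain extraction (last two labels); adequate for the
    .com hosts used here, not for multi-part public suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_artisteer_redirect(url: str) -> bool:
    """True when the link points at artisteer.com and its query string carries
    both a redirect_url parameter and p=affr (assumed to be ANDed)."""
    parts = urlsplit(url)
    if not parts.hostname or root_domain(parts.hostname) != "artisteer.com":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return "redirect_url" in params and "affr" in params.get("p", [])


def sender_is_suspect(profile: SenderProfile) -> bool:
    """Unsolicited, or bad history with no false positives on record."""
    return (not profile.solicited) or (
        profile.any_malicious_or_spam and not profile.any_false_positives
    )


def rule_matches(msg: Message) -> bool:
    """Apply the four conditions from the summary in order."""
    sender_root = root_domain(msg.sender_domain)
    if sender_root == "artisteer.com":  # the site itself may send such links
        return False
    if not any(is_artisteer_redirect(u) for u in msg.links):
        return False
    if not sender_is_suspect(msg.profile):
        return False
    # High-trust exception: suppress only if the trusted domain also passes
    # DMARC, so a spoofed trusted domain (DMARC fail) is still flagged.
    if sender_root in HIGH_TRUST_SENDER_ROOT_DOMAINS and msg.dmarc_pass:
        return False
    return True


# Constructed redirect link: the encoded redirect_url points at a phishing page.
REDIRECT = "https://www.artisteer.com/?p=affr&redirect_url=https%3A%2F%2Fevil.example%2Flogin"

# Constructed sample messages covering the match and each suppression path.
SAMPLES = {
    "unsolicited_external": Message("mail.sender.example", [REDIRECT], True,
                                    SenderProfile(False, False, False)),
    "from_artisteer_itself": Message("artisteer.com", [REDIRECT], True,
                                     SenderProfile(False, False, False)),
    "link_without_params": Message("mail.sender.example",
                                   ["https://www.artisteer.com/blog/"], True,
                                   SenderProfile(False, False, False)),
    "solicited_clean_history": Message("mail.sender.example", [REDIRECT], True,
                                       SenderProfile(True, False, False)),
    "solicited_bad_history": Message("mail.sender.example", [REDIRECT], True,
                                     SenderProfile(True, True, False)),
    "solicited_bad_history_with_fp": Message("mail.sender.example", [REDIRECT], True,
                                             SenderProfile(True, True, True)),
    "trusted_dmarc_pass": Message("google.com", [REDIRECT], True,
                                  SenderProfile(False, False, False)),
    "trusted_dmarc_fail": Message("google.com", [REDIRECT], False,
                                  SenderProfile(False, False, False)),
}


def evaluate_samples() -> dict[str, bool]:
    """Run the rule over every constructed sample and return name -> verdict."""
    return {name: rule_matches(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{'ALERT' if hit else 'ok   '}  {name}")
```

Two points to note when reading the output: the only samples that alert are the unsolicited external sender, the solicited sender with a bad history and no false positives, and the trusted domain that fails DMARC; everything else is suppressed by one of the exceptions. The example parses the query string rather than substring-matching it, so `redirect_url` nested inside another parameter's value would not count; a production rule that matches on the raw query text would behave slightly differently, and the two-label `root_domain` helper is deliberately simplistic.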
Categories
- Web
- Identity Management
- Endpoint
Data Sources
- User Account
- Process
- Web Credential
Created: 2024-09-11