Open redirect: Google Web Light

Sublime Rules

Summary
This rule detects abuse of an open redirect in Google Web Light, a now-sunset service (as of December 19, 2022) that was used to optimize web content for mobile devices. It matches messages that contain links to `googleweblight.com` whose query parameters indicate a redirect (`lite_url` or `u`). Further logical conditions evaluate the message's context, with particular emphasis on sender analysis, to filter out unsolicited or malicious messages. Credential phishing and malware distribution attacks exploit open redirects like this one to lead users to malicious sites; by keying on the known redirect patterns and on sender behavior, the rule mitigates those specific attack vectors and filters potential spam or malicious content.
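An added example, not the rule's own source: a Python sketch of the link check described above, run over a constructed message body. The `sender_known_good` flag is a hypothetical stand-in for the rule's sender analysis, and all sample hosts and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

REDIRECT_PARAMS = ("lite_url", "u")  # redirect parameters named in the summary
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample body: two redirecting links, one benign link, one lookalike host.
SAMPLE_BODY = """Your mailbox is almost full, review it here:
https://googleweblight.com/i?u=https%3A%2F%2Flogin.example.test%2Fsession
http://www.googleweblight.com/?lite_url=http://files.example.test/doc
https://googleweblight.com/about
https://googleweblight.com.example.test/i?u=https://x.example.test
"""

def is_weblight_host(host):
    """Match the registered domain or a subdomain, never a lookalike suffix."""
    host = (host or "").lower().rstrip(".")
    return host == "googleweblight.com" or host.endswith(".googleweblight.com")

def weblight_redirects(body):
    """Return (link, decoded destination) for each Web Light redirect link."""
    hits = []
    for link in URL_RE.findall(body):
        try:
            parts = urlsplit(link)
        except ValueError:  # malformed URL, nothing to inspect
            continue
        if not is_weblight_host(parts.hostname):
            continue
        # parse_qs percent-decodes values; lower-case keys so "U=" also matches.
        params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        for name in REDIRECT_PARAMS:
            for dest in params.get(name, []):
                hits.append((link, dest))
    return hits

def should_flag(body, sender_known_good):
    """Flag only when a redirect link is present and the sender is not trusted."""
    return bool(weblight_redirects(body)) and not sender_known_good

if __name__ == "__main__":
    for link, dest in weblight_redirects(SAMPLE_BODY):
        print(f"{link}\n  -> {dest}")
    print("flag:", should_flag(SAMPLE_BODY, sender_known_good=False))
```

Logging the decoded destination alongside the verdict gives an analyst the real landing host without having to follow the link.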
Categories
  • Web
  • Endpoint
Data Sources
  • User Account
  • Network Traffic
  • Web Credential
Created: 2024-03-01