
Summary
This rule targets abuse of an open redirect on the domain secondstreetapp.com, which has been exploited in real-world attacks. It identifies messages containing links to that domain whose query string carries a redirect parameter ('&redirect='). The core detection logic matches such URLs while excluding self-referential redirects, that is, links whose redirect target points back to the same domain, since those are ordinary use of the redirector rather than open-redirect abuse. Messages sent from secondstreetmail.com, the service's own mailer domain, are filtered out as low-suspicion. The rule then evaluates the sender's profile to distinguish solicited from unsolicited senders: unsolicited senders are scrutinised, and solicited senders are still flagged when their history includes malicious or spam messages, provided that history contains no false positives. Finally, highly trusted sender domains are exempted only when the message passes DMARC authentication, so a spoofed trusted domain that fails DMARC is not overlooked.
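The detection logic described above, reimplemented as a stand-alone Python example. This is an added illustration, not the rule's own code or query language: the high-trust domain list, the sender-profile fields, and the sample message are assumptions constructed for the example. It goes slightly beyond the literal '&redirect=' string match by parsing the query string, so the parameter is caught in any position, and it treats a relative or same-domain redirect target as self-referential.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Domain whose open redirect is being abused (from the rule summary).
TARGET_DOMAIN = "secondstreetapp.com"
# The service's legitimate mailer; messages from it are exempted (from the rule summary).
LEGIT_MAILER_DOMAIN = "secondstreetmail.com"
# Assumption: placeholder high-trust list; the real rule's list is not shown on the page.
HIGH_TRUST_SENDER_DOMAINS = {"example-bank.test"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


@dataclass
class SenderProfile:
    # Assumption: these fields stand in for whatever sender-history data the rule consults.
    solicited: bool
    any_messages_malicious_or_spam: bool = False
    any_false_positives: bool = False


@dataclass
class Message:
    body: str
    sender_domain: str
    dmarc_pass: bool
    profile: SenderProfile


def _on_domain(host, domain):
    """True if host is domain or a subdomain of it (case-insensitive)."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)


def is_abused_redirect(url):
    """True if url is on TARGET_DOMAIN and its redirect parameter leads off that domain."""
    parsed = urlparse(url)
    if not _on_domain(parsed.hostname, TARGET_DOMAIN):
        return False
    for target in parse_qs(parsed.query, keep_blank_values=True).get("redirect", []):
        target_host = urlparse(target).hostname
        # A relative target or one staying on the domain is self-referential: benign.
        if target_host is None or _on_domain(target_host, TARGET_DOMAIN):
            continue
        return True
    return False


def abused_redirect_links(body):
    """All URLs in body that qualify as abused open redirects."""
    return [u for u in URL_RE.findall(body) if is_abused_redirect(u)]


def sender_warrants_scrutiny(profile):
    # Unsolicited senders are always scrutinised; solicited senders only when they
    # have prior malicious/spam mail and that history holds no false positives.
    if not profile.solicited:
        return True
    return profile.any_messages_malicious_or_spam and not profile.any_false_positives


def rule_matches(msg):
    """Return True when the message should be flagged by the rule."""
    if not abused_redirect_links(msg.body):
        return False
    if _on_domain(msg.sender_domain, LEGIT_MAILER_DOMAIN):
        return False
    # High-trust senders are exempted only when DMARC passes; a spoofed trusted
    # domain that fails DMARC is still flagged.
    if msg.sender_domain.lower() in HIGH_TRUST_SENDER_DOMAINS and msg.dmarc_pass:
        return False
    return sender_warrants_scrutiny(msg.profile)


# Constructed sample body: a redirector link whose target leaves secondstreetapp.com.
SAMPLE_BODY = (
    "Your account needs attention. Review it at "
    "https://secondstreetapp.com/r?id=1&redirect=https://login.example-phish.test/acct today."
)

if __name__ == "__main__":
    sample = Message(SAMPLE_BODY, "promo.example.test", False, SenderProfile(solicited=False))
    print("links:", abused_redirect_links(sample.body))
    print("flagged:", rule_matches(sample))
```

The order of checks mirrors the summary: link match first, then the mailer-domain exemption, then the DMARC-gated trusted-domain exemption, then the sender-profile decision. Swapping the last two would let a spoofed trusted domain slip through whenever its profile looked solicited.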
Categories
- Web
- Endpoint
- Cloud
Data Sources
- Web Credential
- User Account
- Network Traffic
- Application Log
Created: 2024-09-11