Open Redirect: mail.spiceworks.com

Sublime Rules

Summary
This detection rule identifies open redirects abused through the domain mail.spiceworks.com, a technique that has been used to facilitate credential phishing and malware distribution. The rule inspects inbound messages for links pointing to that domain and fires only when a link's parameters indicate redirect abuse, specifically the presence of '_externalContentRedirect'. To reduce false positives from legitimate communications, links from highly trusted sender domains are flagged only if the message fails DMARC authentication. If the sender's domain is not recognized as trusted, any match on this redirect raises a medium severity alert.
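The following is an added Python re-implementation of the logic the summary describes, written here for illustration; it is not the rule's own Sublime source. The message shape (sender domain, extracted link URLs, a DMARC pass/fail flag), the high-trust sender domain list, and the sample messages are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: a small stand-in for the rule's list of highly trusted sender domains.
HIGH_TRUST_SENDER_DOMAINS = {"spiceworks.com"}

TARGET_HOST = "mail.spiceworks.com"
REDIRECT_TOKEN = "_externalContentRedirect"


@dataclass
class Message:
    """Constructed minimal view of an inbound message (not Sublime's schema)."""
    sender_domain: str
    links: List[str]
    dmarc_pass: bool


def is_redirect_link(url: str) -> bool:
    """True when the link points at the target host and carries the redirect token.

    The token is checked in both the path and the query string so that
    either placement is caught; urlparse lowercases the hostname for us.
    """
    parsed = urlparse(url)
    if parsed.hostname != TARGET_HOST:
        return False
    return REDIRECT_TOKEN in parsed.path or REDIRECT_TOKEN in parsed.query


def evaluate(msg: Message) -> Optional[dict]:
    """Return an alert dict, or None when the message does not match.

    Mirrors the summary: a match requires a redirect link; highly trusted
    senders are exempt while their DMARC check passes; everything else is
    a medium severity alert.
    """
    hits = [link for link in msg.links if is_redirect_link(link)]
    if not hits:
        return None
    trusted = msg.sender_domain.lower() in HIGH_TRUST_SENDER_DOMAINS
    if trusted and msg.dmarc_pass:
        return None
    return {
        "name": "Open Redirect: mail.spiceworks.com",
        "severity": "medium",
        "sender_domain": msg.sender_domain,
        "dmarc_pass": msg.dmarc_pass,
        "links": hits,
    }


# Constructed sample messages exercising each branch of the rule.
SAMPLES = {
    "untrusted_redirect": Message(
        "example-sender.invalid",
        ["https://mail.spiceworks.com/_externalContentRedirect?url=https://example.invalid/login"],
        dmarc_pass=True,
    ),
    "trusted_dmarc_pass": Message(
        "spiceworks.com",
        ["https://mail.spiceworks.com/_externalContentRedirect?url=https://example.invalid/"],
        dmarc_pass=True,
    ),
    "trusted_dmarc_fail": Message(
        "spiceworks.com",
        ["https://MAIL.SPICEWORKS.COM/path?_externalContentRedirect=https://example.invalid/"],
        dmarc_pass=False,
    ),
    "same_host_no_token": Message(
        "example-sender.invalid",
        ["https://mail.spiceworks.com/unsubscribe?id=123"],
        dmarc_pass=True,
    ),
    "other_host_with_token": Message(
        "example-sender.invalid",
        ["https://example.invalid/_externalContentRedirect?url=https://example.invalid/"],
        dmarc_pass=True,
    ),
}


def run_samples() -> dict:
    """Evaluate every constructed sample and report which ones alert."""
    return {name: evaluate(msg) is not None for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, alerted in run_samples().items():
        print(f"{name}: {'ALERT' if alerted else 'no match'}")
```

Only the sender/DMARC combination changes the verdict for a matching link; the host and token checks are the gate, which is why the same-host link without the token and the foreign host carrying the token both stay silent.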
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Network Traffic
Created: 2025-02-06