
Summary
This detection rule identifies inbound messages that abuse an open redirect on Medium's platform. It combines link analysis with sender profiling to determine whether a message tries to route the recipient through Medium's global identity endpoint, while suppressing legitimate redirection cases. The rule inspects each link in the message for a 'redirectUrl' parameter in the URL's query string and checks whether the originating sender is trusted. If a qualifying link is present and the sender is either untrusted or fails DMARC authentication, the message is flagged for review: an open redirect on a reputable domain lets an attacker give a phishing or malware link the appearance of a legitimate medium.com URL. The rule thus helps ensure that any links redirecting through 'medium.com' are legitimate, protecting users from credential phishing and malware.
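The following is an added worked example of the rule's logic in Python, run over a few constructed sample messages; it is not the rule's own code or Sublime's implementation. The endpoint path (/m/global-identity), the trusted-sender allowlist, and the message fields are assumptions chosen for illustration. It goes slightly beyond the summary by also extracting the host the redirectUrl parameter would send the victim to, which an analyst reviewing a flagged message wants to see.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse, parse_qs

# Assumed allowlist of sender domains treated as "trusted" (not taken from the rule page).
TRUSTED_SENDER_DOMAINS = {"medium.com", "noreply.medium.com"}


@dataclass
class Message:
    sender_domain: str   # domain of the From: header
    dmarc_pass: bool     # result of DMARC authentication for the message
    links: List[str]     # URLs extracted from the message body


def is_medium_open_redirect(url: str) -> bool:
    """True if the URL points at medium.com and carries a redirectUrl query parameter."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if host != "medium.com" and not host.endswith(".medium.com"):
        return False
    # keep_blank_values so an empty "redirectUrl=" still counts as the parameter being present
    return "redirectUrl" in parse_qs(parts.query, keep_blank_values=True)


def redirect_target(url: str) -> Optional[str]:
    """Host the redirectUrl parameter would send the victim to, or None if absent/blank."""
    parts = urlparse(url)
    values = parse_qs(parts.query).get("redirectUrl")
    if not values:
        return None
    target = urlparse(values[0])  # parse_qs has already percent-decoded the value
    return (target.hostname or "").lower() or None


def evaluate(msg: Message) -> dict:
    """Apply the rule: flag when a Medium open-redirect link is present and the
    sender is untrusted or fails DMARC. A trusted, DMARC-passing sender is suppressed."""
    redirects = [u for u in msg.links if is_medium_open_redirect(u)]
    if not redirects:
        return {"flagged": False, "reasons": [], "targets": []}
    reasons = []
    if msg.sender_domain.lower() not in TRUSTED_SENDER_DOMAINS:
        reasons.append("sender_untrusted")
    if not msg.dmarc_pass:
        reasons.append("dmarc_fail")
    targets = [t for t in (redirect_target(u) for u in redirects) if t]
    return {"flagged": bool(reasons), "reasons": reasons, "targets": targets}


# Constructed sample messages (the /m/global-identity path is an assumed placeholder).
SAMPLE_MESSAGES = [
    # unknown sender, redirect to an external credential-harvesting host -> flag
    Message("mail.example.net", True,
            ["https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fevil.example%2Flogin"]),
    # legitimate Medium notification, DMARC pass, redirect back into medium.com -> no flag
    Message("noreply.medium.com", True,
            ["https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fmedium.com%2F%40author%2Fpost"]),
    # spoofed From: domain that fails DMARC -> flag
    Message("medium.com", False,
            ["https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fevil.example%2Flogin"]),
    # unknown sender but a plain article link with no redirect parameter -> no flag
    Message("mail.example.net", True, ["https://medium.com/@author/some-post-1234"]),
]

if __name__ == "__main__":
    for i, m in enumerate(SAMPLE_MESSAGES, 1):
        print(i, m.sender_domain, evaluate(m))
```

The allowlist check and the DMARC check are deliberately independent: a spoofed From: domain that happens to be on the allowlist is still caught by the DMARC failure, and a DMARC-passing message from an unrelated domain is still caught by the allowlist.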
Categories
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Web Credential
Created: 2024-08-22