
Summary
This detection rule identifies unsolicited email messages whose content is carried in images with links that may lead to open redirects. It triggers when the email body lacks substantial text, containing either minimal text or only disclaimers, and when the attachments are image files of significant size. The rule also checks whether the sender's domain is absent from the domains found in the body, which may indicate a phishing attempt. Finally, it looks for links in the body that could lead to open redirects, particularly links originating from untrustworthy domains as defined by configured parameters. The severity is marked high because the pattern maps to known attack vectors such as credential phishing and malware delivery, which rely on evasion, social engineering, and images that obscure the malicious action.
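The following is an added example, not the rule's own logic, that evaluates the conditions described above against a constructed message; the thresholds, the trusted-redirector allowlist and the `Email` structure are assumptions, since the page does not state the rule's configured values.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Assumed, illustrative thresholds: the rule's real parameters are configurable and not given.
MAX_BODY_TEXT_CHARS = 200                 # at most this much text counts as a "minimal" body
MIN_IMAGE_BYTES = 50 * 1024               # image attachment is "significant" at or above this
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".webp")
TRUSTED_REDIRECTORS = {"links.example-trusted.com"}   # assumed allowlist of known redirectors
ABS_URL = re.compile(r"https?://\S+", re.IGNORECASE)

@dataclass
class Email:
    sender_domain: str
    body_text: str        # visible text after stripping HTML
    body_links: list      # href targets found in the body
    attachments: list     # (filename, size_in_bytes) pairs

def registered_domain(host: str) -> str:
    """Crude eTLD+1; fine for the demo, not for multi-label suffixes such as co.uk."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def is_open_redirect_shaped(url: str) -> bool:
    """Flag a link whose query string carries another absolute URL (…?url=https://…),
    unless the redirecting host is on the trusted allowlist."""
    parsed = urlparse(url)
    if parsed.netloc.lower() in TRUSTED_REDIRECTORS:
        return False
    return any(ABS_URL.match(v) for vals in parse_qs(parsed.query).values() for v in vals)

def evaluate(email: Email) -> dict:
    """Evaluate each condition from the summary; 'match' is true only when all of them hold."""
    body_is_minimal = len(email.body_text.strip()) <= MAX_BODY_TEXT_CHARS
    large_images = [n for n, size in email.attachments
                    if n.lower().endswith(IMAGE_EXTS) and size >= MIN_IMAGE_BYTES]
    link_domains = {registered_domain(urlparse(u).netloc) for u in email.body_links}
    sender_mismatch = bool(link_domains) and registered_domain(email.sender_domain) not in link_domains
    result = {
        "minimal_text": body_is_minimal,
        "large_image_attachment": bool(large_images),
        "sender_domain_not_in_body": sender_mismatch,
        "open_redirect_link": any(is_open_redirect_shaped(u) for u in email.body_links),
    }
    result["match"] = all(result.values())
    return result

# Constructed sample: disclaimer-only body, large image, redirect-shaped link on a foreign domain.
SUSPICIOUS = Email("mail.example.net",
                   "This message is confidential. If received in error, delete it.",
                   ["https://redirector.example.org/go?url=https://login.example-phish.com/"],
                   [("invoice.png", 180 * 1024)])
```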
Categories
- Web
- Identity Management
Data Sources
- Image
- User Account
- Network Traffic
Created: 2023-11-21