Open Redirect: eodcnetworkdirect.com

Sublime Rules

Summary
This detection rule aims to identify phishing attempts and malicious redirects that abuse the eodcnetworkdirect.com domain. It inspects inbound messages for links that redirect through 'in.eodcnetworkdirect.com', which has historically been abused in real-world attacks. The key conditions are the presence of 'url=' in the link's query parameters and a domain that does not match any of the legitimate eodcnetwork domains, which together indicate a possible attempt to exploit an open redirect vector. The rule also weighs the sender's reputation: high-trust domains are excluded from detection unless they fail DMARC authentication, which improves accuracy and reduces false positives from trusted senders. Finally, it checks whether messages from the sender are solicited, or whether the sender has a history of sending malicious or spam messages with no false positives, adding a further layer of scrutiny before flagging a message as suspicious.
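The detection logic the summary describes, as an added Python example; this is not the Sublime rule itself nor code from the Sublime Rules project. Only the redirector host 'in.eodcnetworkdirect.com' and the 'url=' parameter come from the page. The allowlist of "legitimate eodcnetwork domains", the high-trust sender list, the sender-profile fields and all sample messages are constructed assumptions, and the example reads "the domain" in the summary as the domain that the url= parameter redirects to.

```python
import re
from urllib.parse import parse_qs, urlparse

# Abused redirector host named on the page.
REDIRECT_HOST = "in.eodcnetworkdirect.com"

# ASSUMPTION: placeholder allowlist; the page mentions "legitimate eodcnetwork
# domains" without listing them.
LEGIT_EODC_DOMAINS = {"eodcnetwork.com", "eodcnetworkdirect.com"}

# CONSTRUCTED: stands in for the sender-reputation data a mail-security
# platform would supply.
HIGH_TRUST_SENDER_DOMAINS = {"trusted-partner.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def root_domain(host: str) -> str:
    """Last two labels of a hostname. Adequate for the .com/.example hosts
    used here; a production rule would consult a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def redirect_target_host(target: str):
    """Host of a url= value, which may be a full URL or a bare host/path."""
    parsed = urlparse(target)
    if parsed.hostname:
        return parsed.hostname
    return urlparse("//" + target).hostname  # bare 'host/path' form


def is_suspicious_redirect(url: str) -> bool:
    """Link hits the redirector, carries url=, and url= bounces to a domain
    outside the first-party allowlist (parse_qs also decodes %-escapes)."""
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() != REDIRECT_HOST:
        return False
    for target in parse_qs(parsed.query).get("url", []):
        host = redirect_target_host(target)
        if host and root_domain(host) not in LEGIT_EODC_DOMAINS:
            return True
    return False


def sender_warrants_scrutiny(msg: dict) -> bool:
    """Reputation gate from the summary: high-trust senders are skipped unless
    DMARC fails; otherwise flag unsolicited senders, or senders with prior
    malicious/spam verdicts and no false positives."""
    if msg["sender_domain"].lower() in HIGH_TRUST_SENDER_DOMAINS and msg["dmarc_pass"]:
        return False
    if not msg["solicited"]:
        return True
    return msg["prior_malicious_or_spam"] and not msg["prior_false_positives"]


def evaluate(msg: dict) -> bool:
    """Whole rule: at least one suspicious redirect link AND a sender that
    passes the reputation gate."""
    hits = [u for u in URL_RE.findall(msg["body"]) if is_suspicious_redirect(u)]
    return bool(hits) and sender_warrants_scrutiny(msg)


def make_msg(sender, body, dmarc=True, solicited=False, bad_history=False, fps=False):
    return {"sender_domain": sender, "body": body, "dmarc_pass": dmarc,
            "solicited": solicited, "prior_malicious_or_spam": bad_history,
            "prior_false_positives": fps}


# CONSTRUCTED sample messages; attacker.example is a reserved placeholder.
PHISH_LINK = ("https://in.eodcnetworkdirect.com/redirect?"
              "url=https%3A%2F%2Flogin.attacker.example%2Fo365")
FIRST_PARTY_LINK = "https://in.eodcnetworkdirect.com/?url=https://www.eodcnetwork.com/news"

SAMPLES = {
    "unknown_sender_phish": make_msg("random-sender.example", "Mailbox full: " + PHISH_LINK),
    "trusted_dmarc_pass": make_msg("trusted-partner.example", "See " + PHISH_LINK),
    "trusted_dmarc_fail": make_msg("trusted-partner.example", "See " + PHISH_LINK, dmarc=False),
    "first_party_redirect": make_msg("random-sender.example", "News: " + FIRST_PARTY_LINK),
    "solicited_clean_history": make_msg("newsletter.example", PHISH_LINK, solicited=True),
    "solicited_bad_history": make_msg("spammy.example", PHISH_LINK, solicited=True, bad_history=True),
}


def run_all() -> dict:
    """Evaluate every sample; returns name -> flagged."""
    return {name: evaluate(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, flagged in run_all().items():
        print(f"{name:26} flagged={flagged}")
```

Note how the sender gate changes the verdict on an identical link: the same phishing URL is flagged from an unknown, unsolicited sender and from a trusted sender that fails DMARC, but not from a trusted sender whose DMARC passes. That is the trade-off the summary describes, and it is also the rule's blind spot if a trusted domain is itself compromised.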
Categories
  • Web
  • Endpoint
  • Mobile
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2024-09-16