Open Redirect: adnxs.com

Sublime Rules

Summary
This detection rule identifies messages that contain links to the 'adnxs.com' domain using the '/getuid' path, an open redirect that has been abused in various phishing campaigns. The rule checks whether the message body contains any link whose domain matches 'ib.adnxs.com' and whose path includes '/getuid'. It then confirms that the redirect does not point back to 'adnxs.com', and that the sender's email domain is neither 'adnxs.com' nor 'appnexus.com', so that only external senders routing traffic through the redirect are flagged. To limit false positives, messages from trusted sender domains are exempted only when they pass DMARC authentication. Together these conditions make the rule a targeted mitigation for phishing that abuses open redirects in email messages.
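The following is an added, illustrative Python reimplementation of the conditions described in the summary; it is not the Sublime rule itself and does not use Sublime's query language. The message structure (a dict with sender_email, body and dmarc_pass), the trusted-domain list, the link-extraction regex and the assumption that the redirect destination is carried in the query string of the '/getuid' link are all assumptions made for this example. Sample messages are constructed.

```python
"""Illustrative detection logic for the adnxs.com /getuid open-redirect rule.
Added example, not the Sublime rule; message shape and helpers are assumed."""
import re
from typing import Optional
from urllib.parse import parse_qsl, urlparse

# Sender domains that legitimately link to adnxs.com (from the rule summary).
SENDER_EXCLUSIONS = {"adnxs.com", "appnexus.com"}
# Hypothetical allow-list; the rule's real trusted-domain source is not shown.
TRUSTED_SENDER_DOMAINS = {"partner.example"}

# Constructed regex: pulls http(s) URLs out of a plain-text or HTML body.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_links(body: str) -> list:
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(body)


def root_domain(host: str) -> str:
    """Approximate the registered domain as the last two labels of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def redirect_target(url: str) -> Optional[str]:
    """Return the first query-string key or value that is itself an http(s) URL.
    Assumption: the redirect destination rides in the query string, either as
    a bare value (getuid?https://...) or as a key=value pair."""
    query = urlparse(url).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        for candidate in (key, value):
            if candidate.lower().startswith(("http://", "https://")):
                return candidate
    return None


def is_abused_getuid_link(url: str) -> bool:
    """True when the link is an ib.adnxs.com /getuid redirect leaving adnxs.com."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host != "ib.adnxs.com":
        return False
    if "/getuid" not in parsed.path:
        return False
    target = redirect_target(url)
    if target is None:
        return False  # no outbound destination, so nothing is redirected
    # Redirects that land back on adnxs.com are not the abuse pattern.
    return root_domain(urlparse(target).hostname or "") != "adnxs.com"


def matches_rule(message: dict) -> bool:
    """Apply the sender exclusions, the DMARC-gated trust exemption, and the
    link check to one message; True means the rule would fire."""
    sender_domain = root_domain(message["sender_email"].split("@")[-1])
    if sender_domain in SENDER_EXCLUSIONS:
        return False
    # Trusted senders are exempt only when DMARC authentication passes.
    if sender_domain in TRUSTED_SENDER_DOMAINS and message.get("dmarc_pass", False):
        return False
    return any(is_abused_getuid_link(link) for link in extract_links(message["body"]))


# Constructed sample messages exercising each branch of the rule.
PHISH = {
    "sender_email": "notice@mailer.example",
    "body": 'Verify now: <a href="https://ib.adnxs.com/getuid?https://login.bad.example/verify">here</a>',
    "dmarc_pass": False,
}
FROM_ADNXS = dict(PHISH, sender_email="noreply@adnxs.com")
BACK_TO_ADNXS = dict(PHISH, body="https://ib.adnxs.com/getuid?https://www.adnxs.com/home")
TRUSTED_DMARC_OK = dict(PHISH, sender_email="news@partner.example", dmarc_pass=True)
TRUSTED_DMARC_FAIL = dict(PHISH, sender_email="news@partner.example", dmarc_pass=False)
NO_GETUID = dict(PHISH, body="https://ib.adnxs.com/other?https://login.bad.example/")

if __name__ == "__main__":
    for name, msg in [("phish", PHISH), ("from_adnxs", FROM_ADNXS),
                      ("back_to_adnxs", BACK_TO_ADNXS), ("trusted_dmarc_ok", TRUSTED_DMARC_OK),
                      ("trusted_dmarc_fail", TRUSTED_DMARC_FAIL), ("no_getuid", NO_GETUID)]:
        print(f"{name}: {'MATCH' if matches_rule(msg) else 'no match'}")
```

The DMARC gate is the important design choice: a trusted domain name alone is spoofable, so the exemption only applies when the message actually authenticates, which is what keeps the allow-list from becoming a bypass.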
Categories
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Network Traffic
  • Web Credential
Created: 2025-03-18