
Summary
This detection rule identifies potential abuse of an open redirect on the domain 'marketing.edinburghairport.com'. It targets threats such as credential phishing, where attackers exploit redirections to trick users into providing sensitive information. The rule inspects inbound messages for any links that reference this domain, looking in particular for specific query parameters that suggest malicious intent. To minimize false positives, the analysis takes the sender's profile into account and filters out messages from highly trusted domains unless they fail DMARC authentication. Overall, the rule combines content analysis, header and sender evaluation, and URL scrutiny to identify and mitigate phishing threats stemming from this redirect.
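The logic described above, sketched in Python as an added example; it is not the rule's own source. The parameter name `placeholder_param`, the trusted-sender list, the message field names, and the check that the parameter value points to a different host are all assumptions, since the page names none of them.

```python
from urllib.parse import urlsplit, parse_qs

REDIRECT_HOST = "marketing.edinburghairport.com"  # domain named on the page
# Assumption: the page does not name the query parameters; placeholder only.
REDIRECT_PARAMS = {"placeholder_param"}
# Assumption: constructed stand-in for a list of highly trusted sender domains.
HIGH_TRUST_SENDERS = {"trusted.example"}

def link_uses_redirect(link):
    """True if the link targets the redirect host and carries a watched
    parameter whose value is an absolute URL on a different host."""
    parts = urlsplit(link)
    if (parts.hostname or "").lower() != REDIRECT_HOST:
        return False
    query = parse_qs(parts.query)  # percent-decodes the values
    for name in query.keys() & REDIRECT_PARAMS:
        for value in query[name]:
            target = urlsplit(value)
            host = (target.hostname or "").lower()
            if target.scheme in ("http", "https") and host != REDIRECT_HOST:
                return True
    return False

def rule_matches(msg):
    """Apply the three conditions from the summary to one message dict."""
    if msg["direction"] != "inbound":
        return False
    if not any(link_uses_redirect(link) for link in msg["links"]):
        return False
    # High-trust senders are excluded only while they pass DMARC.
    if msg["sender_domain"] in HIGH_TRUST_SENDERS and msg["dmarc_pass"]:
        return False
    return True

# Constructed sample messages (not real traffic).
_REDIR = ("https://marketing.edinburghairport.com/c"
          "?placeholder_param=https%3A%2F%2Flogin.invalid%2F")
_PLAIN = "https://marketing.edinburghairport.com/offers?id=7"

def _msg(sender, dmarc_pass, link):
    return {"direction": "inbound", "sender_domain": sender,
            "dmarc_pass": dmarc_pass, "links": [link]}

SAMPLES = {
    "unknown_sender": _msg("unknown.example", True, _REDIR),
    "trusted_dmarc_pass": _msg("trusted.example", True, _REDIR),
    "trusted_dmarc_fail": _msg("trusted.example", False, _REDIR),
    "no_redirect_param": _msg("unknown.example", True, _PLAIN),
}

def evaluate():
    return {name: rule_matches(m) for name, m in SAMPLES.items()}
```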
Categories
- Web
- Network
- Endpoint
Data Sources
- Web Credential
- Internet Scan
- Network Traffic
- Logon Session
Created: 2024-10-30