
Summary
This detection rule identifies potential open redirect abuse involving the domain 'emp.eduyield.com', which has been linked to malicious activity redirecting victims to a Google AMP page. The rule analyses incoming messages for hyperlinks that contain the specified domain together with query parameters indicative of a redirect. It then checks that the sender is unsolicited, or has a history of sending malicious or spam messages that were not later marked as false positives. To reduce false positives while maintaining detection efficacy, the rule also excludes trusted sender domains unless the message fails DMARC authentication. By combining sender and URL analysis, the rule provides a focused mechanism to detect and flag phishing attempts or malware distribution that exploit open redirects.
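As an added illustration (not the rule's own code), the following Python sketch reimplements the logic described above over constructed messages. The redirect parameter names, the trusted-domain list and the sender profile fields are assumptions, since the page does not give them.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

SUSPECT_DOMAIN = "emp.eduyield.com"
# Redirect-style query parameter names (assumption; the rule's own list is not on the page).
REDIRECT_PARAMS = {"url", "redirect", "redirect_url", "u", "r", "target", "goto"}
# Trusted sender domains (constructed placeholder list for this example).
TRUSTED_DOMAINS = {"example-partner.com"}

@dataclass
class SenderProfile:
    solicited: bool                      # recipient has previously mailed this sender
    any_messages_malicious_or_spam: bool  # prior messages were flagged malicious/spam
    any_false_positives: bool            # ...but some flags were later overturned

@dataclass
class Message:
    sender_domain: str
    dmarc_pass: bool
    links: list
    profile: SenderProfile

def is_open_redirect_link(url: str) -> bool:
    """True if the link is on the suspect domain and carries a redirect-style
    query parameter whose (decoded) value is an absolute http(s) URL."""
    parsed = urlparse(url)
    if parsed.hostname is None or parsed.hostname.lower() != SUSPECT_DOMAIN:
        return False
    for name, values in parse_qs(parsed.query).items():
        if name.lower() in REDIRECT_PARAMS:
            for v in values:
                if re.match(r"^https?://", v, re.IGNORECASE):
                    return True
    return False

def sender_is_suspicious(p: SenderProfile) -> bool:
    # Unsolicited sender, or one with prior malicious/spam messages that were
    # never marked as false positives.
    return (not p.solicited) or (p.any_messages_malicious_or_spam and not p.any_false_positives)

def matches_rule(msg: Message) -> bool:
    if not any(is_open_redirect_link(u) for u in msg.links):
        return False
    if not sender_is_suspicious(msg.profile):
        return False
    # Negate trusted sender domains unless DMARC authentication fails.
    if msg.sender_domain.lower() in TRUSTED_DOMAINS and msg.dmarc_pass:
        return False
    return True
```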
Categories
- Web
- Cloud
- Endpoint
Data Sources
- Web Credential
- Network Traffic
- Logon Session
Created: 2024-09-06