
Summary
This rule detects email phishing that abuses open redirects through links to Google Docs presentations. The detection logic looks for links to Google Docs presentations that either contain a single page with an external link, have been removed for terms-of-service violations, or have been deleted. A sender filter excludes mail from common Google notification addresses unless the sender's prevalence is not common. For each Google Docs presentation link, the rule checks that the external link cannot be directly edited and that the link's display text includes a specific pattern, then runs link analysis on the external link to identify threats such as non-trustworthy domains or open redirect indicators. Highly trusted sender domains are excluded unless the message fails DMARC authentication.
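As an added illustration (not the rule's own query or code), the Python below models the conditions the summary lists: the sender filters, the three presentation-link states, the display-text check, and link analysis of the external URL. Every list, the display-text regex, and the per-link `analysis` dictionary are assumptions, since the page does not give the rule's actual values.

```python
import re
from urllib.parse import urlparse, parse_qs

# Every constant here is an illustrative placeholder, not the rule's real list.
GOOGLE_NOTIFIERS = {"drive-shares-noreply@google.com", "comments-noreply@docs.google.com"}
TRUSTED_SENDER_DOMAINS = {"partner.example"}
TRUSTWORTHY_LINK_DOMAINS = {"google.com", "microsoft.com"}
REDIRECT_PARAMS = {"url", "redirect", "redir", "next", "u"}
DISPLAY_TEXT_PATTERN = re.compile(r"(?i)\b(view|open|review)\b.*\b(document|presentation|file)\b")

def is_presentation_link(url):
    p = urlparse(url)
    return p.hostname == "docs.google.com" and p.path.startswith("/presentation/")

def has_open_redirect_indicator(url):
    # Open-redirect indicator: a redirect-style query parameter carrying a URL.
    qs = parse_qs(urlparse(url).query)
    return any(k.lower() in REDIRECT_PARAMS and v[0].lower().startswith("http")
               for k, v in qs.items() if v)

def presentation_is_suspicious(page):
    # `page` is the constructed result of analysing the presentation link.
    if page["state"] in ("tos_violation", "deleted"):
        return True
    if page["state"] != "single_page_external_link" or page["can_edit"]:
        return False
    ext = page["external_link"]
    domain = ".".join((urlparse(ext).hostname or "").split(".")[-2:])  # crude eTLD+1
    return domain not in TRUSTWORTHY_LINK_DOMAINS or has_open_redirect_indicator(ext)

def rule_matches(email):
    sender = email["sender"].lower()
    if sender in GOOGLE_NOTIFIERS and email["sender_prevalence"] == "common":
        return False  # common Google notification address: out of scope
    if sender.rsplit("@", 1)[-1] in TRUSTED_SENDER_DOMAINS and email["dmarc_pass"]:
        return False  # highly trusted sender domain that also passes DMARC
    return any(is_presentation_link(lk["href"])
               and DISPLAY_TEXT_PATTERN.search(lk["display_text"])
               and presentation_is_suspicious(lk["analysis"])
               for lk in email["links"])

SAMPLE_EMAIL = {  # constructed sample, not a real message
    "sender": "shares@lookalike.example", "sender_prevalence": "rare", "dmarc_pass": True,
    "links": [{"href": "https://docs.google.com/presentation/d/PLACEHOLDER_ID/pub",
               "display_text": "Open presentation",
               "analysis": {"state": "single_page_external_link", "can_edit": False,
                            "external_link": "https://redirect.example/go?url=https://phish.example/login"}}],
}
```

`rule_matches(SAMPLE_EMAIL)` returns True for the constructed message; swapping in a common Google notification sender, or a trusted sender domain that passes DMARC, returns False.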
Categories
- Web
- Endpoint
- Cloud
- Application
- Identity Management
Data Sources
- User Account
- Network Traffic
- Cloud Service
- Application Log
- Web Credential
Created: 2024-06-28