
Summary
This detection rule identifies inbound messages containing links that abuse an open redirect on the domain 'documentmailbox.com'. An open redirect lets an attacker build a URL on a legitimate-looking domain that forwards the recipient to a destination the attacker controls, which makes it a common technique in credential phishing and malware delivery: the visible link passes a casual domain check while the real landing page is hidden in a query parameter. The rule inspects each link in the message and matches when the host is 'documentmailbox.com', the path contains 'RedirectTarget.aspx', and the query string contains a 'TargetUrl=' parameter (the redirect destination). To reduce false positives, the rule also applies sender analysis: messages from high-trust sender domains are excluded unless they fail DMARC authentication, since a failing DMARC result means the trusted domain cannot be relied on as the true origin of the message. The rule is classified as medium severity; an open redirect on an otherwise benign domain is not itself harmful, but a message that reaches a user with such a link is a credible phishing lure and should be investigated.
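The matching logic described above, run over a few constructed sample messages, as an added example that is not the page's own rule code or the vendor's implementation. The high-trust domain list, the message dictionary layout and the sample links are assumptions made for the illustration; the real rule's allow-list is not reproduced on the page. The host check also accepts subdomains of documentmailbox.com, which is a small generalisation of the text.

```python
from urllib.parse import urlparse, parse_qs

# Assumed allow-list of high-trust sender domains (not the rule's real list).
HIGH_TRUST_DOMAINS = {"microsoft.com", "docusign.net"}

REDIRECT_HOST = "documentmailbox.com"


def is_documentmailbox_redirect(url: str) -> bool:
    """True if the URL hits the documentmailbox.com RedirectTarget.aspx
    endpoint with a TargetUrl query parameter (the open-redirect pattern)."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    # Match the apex domain and, as an assumption, its subdomains.
    if host != REDIRECT_HOST and not host.endswith("." + REDIRECT_HOST):
        return False
    if "redirecttarget.aspx" not in parts.path.lower():
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(key.lower() == "targeturl" for key in params)


def redirect_destination(url: str):
    """Return the decoded TargetUrl value (where the user really lands), or None."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() == "targeturl" and values:
            return values[0]
    return None


def sender_exempt(sender_domain: str, dmarc_pass: bool) -> bool:
    """High-trust senders are exempt only while their mail passes DMARC."""
    return sender_domain.lower() in HIGH_TRUST_DOMAINS and dmarc_pass


def evaluate_message(msg: dict):
    """Return (flagged, redirect_targets) for one message.

    msg is a constructed dict with keys: id, sender_domain, dmarc_pass, links.
    """
    if sender_exempt(msg["sender_domain"], msg["dmarc_pass"]):
        return False, []
    targets = [redirect_destination(u) for u in msg["links"] if is_documentmailbox_redirect(u)]
    return bool(targets), targets


def flagged_message_ids(messages):
    """Run the rule over a batch and return the ids that matched."""
    return [m["id"] for m in messages if evaluate_message(m)[0]]


# Constructed sample messages; the domains and links are illustrative only.
ABUSED_LINK = "https://documentmailbox.com/RedirectTarget.aspx?TargetUrl=https%3A%2F%2Fevil.example%2Flogin"
SAMPLE_MESSAGES = [
    # Untrusted sender, abused redirect: flagged.
    {"id": "m1", "sender_domain": "vendor.example", "dmarc_pass": True, "links": [ABUSED_LINK]},
    # High-trust sender passing DMARC: exempt even with the link.
    {"id": "m2", "sender_domain": "microsoft.com", "dmarc_pass": True, "links": [ABUSED_LINK]},
    # Same trusted domain but DMARC fails, so the exemption no longer applies.
    {"id": "m3", "sender_domain": "microsoft.com", "dmarc_pass": False, "links": [ABUSED_LINK]},
    # Links to the domain without the redirect pattern: not flagged.
    {"id": "m4", "sender_domain": "partner.example", "dmarc_pass": True,
     "links": ["https://documentmailbox.com/Login.aspx",
               "https://documentmailbox.com/RedirectTarget.aspx?other=1"]},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], evaluate_message(m))
```

Decoding the TargetUrl value is worth keeping in the match output: the destination is what an analyst will want to enrich and block, and the encoded form hides it from a plain substring search.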
Categories
- Web
- Endpoint
- Cloud
Data Sources
- User Account
- Network Traffic
- Application Log
Created: 2024-08-22