diff --git a/detection-rules/link_microsoft_low_reputation.yml b/detection-rules/link_microsoft_low_reputation.yml
index 31c5b22c5f9..3579bb944e5 100644
--- a/detection-rules/link_microsoft_low_reputation.yml
+++ b/detection-rules/link_microsoft_low_reputation.yml
@@ -15,6 +15,12 @@ source: |
         // mass mailer link, masks the actual URL
         .href_url.domain.root_domain in ("hubspotlinks.com", "mandrillapp.com", "sendgrid.net")
+
+        // Google AMP redirect
+        or (
+          .href_url.domain.sld == "google"
+          and strings.starts_with(.href_url.path, "/amp/")
+        )
       )
       // exclude sources of potential FPs
@@ -114,7 +120,6 @@ source: |
         )
       )
     )
-    and sender.email.domain.root_domain not in $org_domains
     and sender.email.domain.root_domain not in (
       "bing.com",
       "microsoft.com",
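Review bot: The new AMP clause keys on `.href_url.domain.sld == "google"` rather than the `root_domain` used by the sibling mass-mailer check two lines above, so it matches every TLD under that second-level label (google.com, google.co.uk, but equally any unrelated registration whose SLD happens to be "google"); if country-code Google domains are the reason, a comment would keep the next reader from "fixing" it back to `root_domain`, e.g. `// sld rather than root_domain so country-code Google domains (google.co.uk, google.de, …) are covered`. The path test `strings.starts_with(.href_url.path, "/amp/")` is an exact-case prefix match, so a mixed-case `/AMP/` path would not trigger the clause; whether that matters depends on how the redirector treats case, and is worth confirming or noting in the comment. The parenthesised link predicate that this `or` extends opens before the hunk, so the precedence of the new clause against the earlier conditions in that group cannot be confirmed from here.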
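Review bot: Removing `and sender.email.domain.root_domain not in $org_domains` means mail from the organisation's own domains is no longer carved out of this rule, and nothing in the hunk adds a compensating check; the only remaining sender exclusion is the fixed list that begins with `"bing.com"` and `"microsoft.com"`. If the intent is to catch spoofed or look-alike internal senders, the usual way to keep legitimate internal traffic quiet is to exclude org domains only when the message authenticates, e.g. `and not (sender.email.domain.root_domain in $org_domains and headers.auth_summary.dmarc.pass)`, assuming the DMARC summary field is available in this rule's schema. Otherwise expect more alerts on internal mail carrying the links this rule flags, and a comment stating the intended trade-off would help reviewers tuning it later. The surrounding `and` chain continues past the end of the hunk.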