diff --git a/detection-rules/headers_freemail_replyto_returnpath_mismatch.yml b/detection-rules/headers_freemail_replyto_returnpath_mismatch.yml
index c0360a0682b..f571dc6e0d8 100644
--- a/detection-rules/headers_freemail_replyto_returnpath_mismatch.yml
+++ b/detection-rules/headers_freemail_replyto_returnpath_mismatch.yml
@@ -5,7 +5,7 @@ severity: "medium"
 source: |
 type.inbound
 and any(ml.nlu_classifier(body.current_thread.text).intents,
- .name in ("bec") and .confidence in ("medium", "high")
+ .name in ("bec") and .confidence == "high"
 )
 and (
 headers.return_path.domain.root_domain in $free_email_providers
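Review bot: Requiring `.confidence == "high"` means a message the classifier scores as medium-confidence BEC no longer matches this rule, even when the freemail reply-to/return-path mismatch is present, and nothing visible in the hunk compensates for that lost coverage. If the aim is fewer false positives, record it next to the condition, for example `// high only: medium-confidence "bec" was too noisy for this rule (confirm against FP data)`, and confirm that another rule or signal still catches the medium-confidence case. As a smaller style point, the single-element `.name in ("bec")` could become `.name == "bec"` to match the new equality check. The rest of the `source` expression continues outside the hunk, so later conditions may narrow or widen the match further.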