diff --git a/detection-rules/impersonation_fake_msg_thread_mismatched_from_freemail_replyto.yml b/detection-rules/impersonation_fake_msg_thread_mismatched_from_freemail_replyto.yml
index ec61e357ec8..af736fcbb87 100644
--- a/detection-rules/impersonation_fake_msg_thread_mismatched_from_freemail_replyto.yml
+++ b/detection-rules/impersonation_fake_msg_thread_mismatched_from_freemail_replyto.yml
@@ -9,7 +9,10 @@ severity: "medium"
 source: |
 type.inbound
 and (
- profile.by_sender().prevalence in ("new", "outlier")
+ (
+ profile.by_sender().prevalence in ("new", "outlier")
+ and not profile.by_sender().solicited
+ )
 or (
 profile.by_sender().any_messages_malicious_or_spam
 and not profile.by_sender().any_false_positives
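Review bot: The added `and not profile.by_sender().solicited` exclusion in the first prevalence branch appears to rest on the From address alone, with no authentication condition visible in this hunk. Since the rule targets messages whose Reply-To differs from From, an unauthenticated From that matches a previously contacted address would also be excluded from this branch. Consider honouring the exclusion only for authenticated mail, for example `and not (profile.by_sender().solicited and headers.auth_summary.dmarc.pass)`. A short comment such as `# solicited senders are skipped here to cut false positives on real threads` would also record why the exclusion exists. The `source` expression continues outside the hunk, so an authentication check may already exist further down; confirm before changing.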