diff --git a/detection-rules/spam_website_errors_solicitation.yml b/detection-rules/spam_web_errors_solicitation.yml
similarity index 92%
rename from detection-rules/spam_website_errors_solicitation.yml
rename to detection-rules/spam_web_errors_solicitation.yml
index 3f8002e2801..e54256f8410 100644
--- a/detection-rules/spam_website_errors_solicitation.yml
+++ b/detection-rules/spam_web_errors_solicitation.yml
@@ -47,7 +47,7 @@ source: |
 and 20 < length(body.current_thread.text) < 500
 // service offering keywords
 and regex.icontains(strings.replace_confusables(body.current_thread.text),
- "(?:screenshot|error list|plan|quote|rank|professional|price|mistake|visibility|improvement|review|emailed.{0,10}more details)"
+ "(?:available|screenshot|error list|plan|quote|rank|professional|price|mistake|visibility|improvement|review|emailed.{0,10}more details)"
 )
 // generic greeting
 and regex.icontains(strings.replace_confusables(body.current_thread.text),
@@ -61,7 +61,11 @@ source: |
 and regex.icontains(strings.replace_confusables(body.current_thread.text),
 "(?:site|website|page)"
 )
+ and regex.icontains(strings.replace_confusables(body.current_thread.text),
+ '(mail\.|mx|\.u)?\.?@?(aol|yahoo|hotmail|google|gmail|googlemail)\.com'
+ )
 )
+ or any(body.links, regex.icontains(.display_text, '\.?@?(hotmail)\.com'))
 // Single thread with unsubscribe link or $org_domains link
 or (
 length(body.links) <= 3
@@ -115,7 +119,6 @@ source: |
) ) ) -tags: - "Attack surface reduction" attack_types:
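Review bot: The new `available` alternative in the service-offering keyword regex has no word boundaries, so `regex.icontains` also fires on `unavailable` and `availability`, and `available` is a far more common word in ordinary business mail than the other terms in that alternation. The existing `plan` and `rank` entries share the weakness, but adding such a common token widens the match set noticeably; if the engine supports it, anchor just that token, `(?:\bavailable\b|screenshot|error list|...)`, and check the hit rate on a benign sample before merging. The enclosing `and` chain starts before this hunk, so I can't see how much the other conditions constrain it.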
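Review bot: In the added body check `'(mail\.|mx|\.u)?\.?@?(aol|yahoo|hotmail|google|gmail|googlemail)\.com'` every leading group is optional and `regex.icontains` is an unanchored search, so the pattern is equivalent to `(aol|yahoo|hotmail|google|gmail|googlemail)\.com` — the `mail\.`, `mx`, `\.u`, `\.` and `@` prefixes never exclude anything, and a body that merely mentions `google.com` satisfies this condition. If a webmail sender address is what is meant, make the `@` mandatory, `'@(aol|yahoo|hotmail|google|gmail|googlemail)\.com'`, otherwise drop the dead prefixes so the intent is readable. Separately, the new `or any(body.links, regex.icontains(.display_text, '\.?@?(hotmail)\.com'))` sits after the `)` that closes the block above and next to the existing `or (` alternative, which suggests a message whose link display text contains `hotmail.com` (a signature `mailto:` link, for instance) can satisfy this whole `or` group on its own, with none of the greeting, keyword or `site|website|page` checks applied, and it covers only hotmail while the body check covers six providers. If it was meant as an extra signal for that block, it belongs inside it as an `and`. The enclosing `and`/`or` chain starts before this hunk and closes after it, so the grouping is inferred from the visible `)` rather than seen in full.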