diff --git a/detection-rules/brand_impersonation_google_careers.yml b/detection-rules/brand_impersonation_google_careers.yml
index 4d186276450..79deca6c6f5 100644
--- a/detection-rules/brand_impersonation_google_careers.yml
+++ b/detection-rules/brand_impersonation_google_careers.yml
@@ -37,7 +37,7 @@ source: |
 )
 and not any(body.links, .href_url.domain.root_domain in ("google.com", "c.gle"))
 and not (
- sender.email.domain.root_domain in ("google.com")
+ sender.email.domain.root_domain in ("google.com", "sublimesecurity.com")
 and headers.auth_summary.dmarc.pass
 )
 attack_types:
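Review bot: The added `"sublimesecurity.com"` entry in the sender exclusion carries no comment explaining why a Google Careers impersonation rule should skip that domain, and because the match is on `root_domain` it exempts every DMARC-passing subdomain rather than one known sender. If the goal is to suppress a specific internal or test mail stream, consider narrowing it to the exact sending domain or address (for example `sender.email.domain.domain` or `sender.email.email`) and documenting it with a line such as `// sublimesecurity.com: <reason for exemption>` above the condition. If this rule is shared across deployments, the exemption applies to all of them, so an organisation-specific exclusion may be a better home for it. The `and headers.auth_summary.dmarc.pass` condition still gates the exclusion, so only authenticated mail is affected. The `source: |` expression begins above this hunk, so the earlier conditions are not visible here.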