diff --git a/detection-rules/asr_suspicious_mailer_gmail.yml b/detection-rules/asr_suspicious_mailer_gmail.yml
index dc7792738b2..fd2802d99a3 100644
--- a/detection-rules/asr_suspicious_mailer_gmail.yml
+++ b/detection-rules/asr_suspicious_mailer_gmail.yml
@@ -13,7 +13,7 @@ source: |
     or any(headers.hops, any(.fields, .value == "Produced By Microsoft MimeOLE"))
   )
   and (
-    any(headers.hops, .index == 0 and .received.server.raw == "smtp.gmail.com")
+    any(headers.hops, .index == 0 and .received.server.raw in ("smtp.gmail.com", "mx.google.com"))
     or headers.return_path.domain.root_domain in ("gmail.com", "googlemail.com")
   )
   and not profile.by_sender().any_messages_benign
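Review bot: The `"mx.google.com"` alternative added on the `+` line changes what the hop-0 check asserts, and nothing in the hunk records why: `smtp.gmail.com` is typically the host that stamps authenticated submission from a Gmail account, whereas `mx.google.com` is typically the host that stamps inbound delivery to a Google-hosted domain, so if hop index 0 is the hop written by the recipient's own MX this clause now matches every message delivered into a Google Workspace mailbox regardless of origin, leaving the Gmail-origin intent to the return-path clause alone. Please confirm the hop ordering against the rule's true-positive samples and, if the broadening is deliberate, document it next to the line, e.g. `# mx.google.com: Google-relayed mail whose first hop is Google's inbound MX, not only smtp.gmail.com submissions`, in whatever comment form this rule file already uses. If the `.raw` hostname can vary in case, `in~` in place of `in` would keep the match from silently missing mixed-case values. The enclosing `source: |` expression starts before the hunk.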