diff --git a/detection-rules/impersonation_dropbox.yml b/detection-rules/impersonation_dropbox.yml
index da19ed5e0c5..764eb8b2d7e 100644
--- a/detection-rules/impersonation_dropbox.yml
+++ b/detection-rules/impersonation_dropbox.yml
@@ -15,7 +15,7 @@ source: |
            and not .href_url.domain.root_domain in ("mimecast.com", "mimecastprotect.com")
     )
   )
-  and sender.email.domain.root_domain !~ 'dropbox.com'
+  and sender.email.domain.root_domain not in~ ('dropbox.com', 'dropboxforum.com')
   and (
     any(attachments,
         .file_type in $file_types_images