diff --git a/email/attachment.yar b/email/attachment.yar
index b7d1d65..a80d080 100644
--- a/email/attachment.yar
+++ b/email/attachment.yar
@@ -21,7 +21,14 @@ rule without_attachments : mail {
 reference = "http://laboratorio.blogs.hispasec.com/"
 description = "Rule to detect the no presence of any attachment"
 strings:
+ $eml_01 = "From:"
+ $eml_02 = "To:"
+ $eml_03 = "Subject:"
 $attachment_id = "X-Attachment-Id"
+ $mime_type = "Content-Type: multipart/mixed"
 condition:
- not $attachment_id
+ all of ( $eml_* ) and
+ not $attachment_id and
+ not $mime_type
 }
+
diff --git a/email/image.yar b/email/image.yar
index 786ec4a..398778c 100644
--- a/email/image.yar
+++ b/email/image.yar
@@ -9,11 +9,15 @@ rule with_images : mail {
 reference = "http://laboratorio.blogs.hispasec.com/"
 description = "Rule to detect the presence of an or several images"
 strings:
- $a = ".jpg" nocase
- $b = ".png" nocase
- $c = ".bmp" nocase
+ $eml_01 = "From:"
+ $eml_02 = "To:"
+ $eml_03 = "Subject:"
+ $img_a = ".jpg" nocase
+ $img_b = ".png" nocase
+ $img_c = ".bmp" nocase
 condition:
- any of them
+ all of ( $eml_* ) and
+ any of ( $img_* )
 }
 
 rule without_images : mail {
@@ -22,9 +26,14 @@ rule without_images : mail {
 reference = "http://laboratorio.blogs.hispasec.com/"
 description = "Rule to detect the no presence of any image"
 strings:
+ $eml_01 = "From:"
+ $eml_02 = "To:"
+ $eml_03 = "Subject:"
+
 $a = ".jpg" nocase
 $b = ".png" nocase
 $c = ".bmp" nocase
 condition:
+ all of ( $eml_* ) and
 not $a and not $b and not $c
 }
diff --git a/email/urls.yar b/email/urls.yar
index 9e51d58..3d2b4eb 100644
--- a/email/urls.yar
+++ b/email/urls.yar
@@ -9,6 +9,10 @@ rule with_urls : mail {
 reference = "http://laboratorio.blogs.hispasec.com/"
 description = "Rule to detect the presence of an or several urls"
 strings:
+ $eml_01 = "From:"
+ $eml_02 = "To:"
+ $eml_03 = "Subject:"
+
 $url_regex = /https?:\/\/([\w\.-]+)([\/\w \.-]*)/
 condition:
 all of them
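Review bot: The new `$eml_*` header anchors and `$mime_type` are case-sensitive, but RFC 5322/2045 header field names and the media-type token are not, so a message written as `from:` or `content-type: Multipart/Mixed` fails `all of ( $eml_* )` and `without_attachments` silently stops matching, or, for `$mime_type`, reports "no attachment" on mail that has one. Adding `nocase` to the five new strings (`$eml_01 = "From:" nocase`, …, `$mime_type = "Content-Type: multipart/mixed" nocase`) closes most of that gap; `To:` is optional in RFC 5322, so also consider whether requiring it is intended. `multipart/mixed` is only one container for attachments — a `Content-Disposition: attachment` part inside `multipart/related` is not covered by `not $mime_type` — so the rule name overstates what is checked; a comment such as `// only detects X-Attachment-Id and multipart/mixed containers` would make the scope explicit. The same case-sensitivity issue applies to the `$eml_*` strings added in the image.yar and urls.yar hunks below.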
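Review bot: The three `$eml_*` strings are copied verbatim into every rule this commit touches (`with_images` here, plus `without_images`, `with_urls`, `without_urls` and `without_attachments`), so any later correction to the mail-header gate has to be made five times. YARA lets a `private rule` hold the shared strings and be referenced by name in other conditions, so the gate could live in one place and each condition become e.g. `is_email and any of ( $img_* )`. That only works if the rule files are compiled as one unit or pulled in with `include`, which I cannot tell from the diff. One way to shape it:
```yara
private rule is_email : mail
{
    strings:
        $eml_01 = "From:"
        $eml_02 = "To:"
        $eml_03 = "Subject:"
    condition:
        all of them
}

rule with_images : mail {
    // … unchanged: meta (reference, description) …
    strings:
        $img_a = ".jpg" nocase
        $img_b = ".png" nocase
        $img_c = ".bmp" nocase
    condition:
        is_email and any of ( $img_* )
}
```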
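Review bot: `without_images` keeps the old `$a`/`$b`/`$c` names and the enumerated `not $a and not $b and not $c`, while its sibling `with_images` in the hunk above was renamed to `$img_*` in this same commit, so the two rules now spell the same three extensions differently. Renaming these to `$img_a`/`$img_b`/`$img_c` and writing the condition as `all of ( $eml_* ) and none of ( $img_* )` keeps the pair symmetric and means a fourth extension only needs a new string, not a longer condition. The added blank line after `$eml_03` here (and in both urls.yar hunks) is absent from the two hunks above; either layout is fine, but pick one.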
@@ -20,7 +24,12 @@ rule without_urls : mail {
 reference = "http://laboratorio.blogs.hispasec.com/"
 description = "Rule to detect the no presence of any url"
 strings:
+ $eml_01 = "From:"
+ $eml_02 = "To:"
+ $eml_03 = "Subject:"
+
 $url_regex = /https?:\/\/([\w\.-]+)([\/\w \.-]*)/
 condition:
+ all of ( $eml_* ) and
 not $url_regex
 }