diff --git a/scripts/base/frameworks/notice/__load__.bro b/scripts/base/frameworks/notice/__load__.bro
index bcf3cd6898..aea3d6d2f3 100644
--- a/scripts/base/frameworks/notice/__load__.bro
+++ b/scripts/base/frameworks/notice/__load__.bro
@@ -8,10 +8,6 @@
 @load ./actions/page
 @load ./actions/add-geodata
 
-# There shouldn't be any default overhead from loading these since they 
-# *should* only do anything when notices have the ACTION_EMAIL action applied.
-@load ./extend-email/hostnames
-
 # The cluster framework must be loaded first.
 @load base/frameworks/cluster
 
@@ -22,4 +18,4 @@
 @endif
 
 # Load here so that it can check whether clustering is enabled.
-@load ./actions/pp-alarms
\ No newline at end of file
+@load ./actions/pp-alarms
diff --git a/scripts/policy/frameworks/notice/__load__.bro b/scripts/policy/frameworks/notice/__load__.bro
new file mode 100644
index 0000000000..fef1dc894e
--- /dev/null
+++ b/scripts/policy/frameworks/notice/__load__.bro
@@ -0,0 +1,3 @@
+# There shouldn't be any default overhead from loading these since they
+# *should* only do anything when notices have the ACTION_EMAIL action applied.
+@load ./extend-email/hostnames
diff --git a/scripts/base/frameworks/notice/extend-email/hostnames.bro b/scripts/policy/frameworks/notice/extend-email/hostnames.bro
similarity index 98%
rename from scripts/base/frameworks/notice/extend-email/hostnames.bro
rename to scripts/policy/frameworks/notice/extend-email/hostnames.bro
index 18442f453d..d8dac39e43 100644
--- a/scripts/base/frameworks/notice/extend-email/hostnames.bro
+++ b/scripts/policy/frameworks/notice/extend-email/hostnames.bro
@@ -3,7 +3,7 @@
 ##! :bro:type:`Notice::Info`'s *src* and *dst* fields as determined by a
 ##! DNS lookup.
 
-@load ../main
+@load base/frameworks/notice/main
 
 module Notice;
 
diff --git a/scripts/site/local.bro b/scripts/site/local.bro
index 9f8be4bc3b..5064d6a330 100644
--- a/scripts/site/local.bro
+++ b/scripts/site/local.bro
@@ -85,6 +85,9 @@
 # Detect SHA1 sums in Team Cymru's Malware Hash Registry.
 @load frameworks/files/detect-MHR
 
+# Extend email alerting to include hostnames
+@load policy/frameworks/notice/extend-email/hostnames
+
 # Uncomment the following line to enable detection of the heartbleed attack. Enabling
 # this might impact performance a bit.
 # @load policy/protocols/ssl/heartbleed