Simple example:
body REMOVE_OBFUSCATE /(Rem(o|0)ve|Delete).{0,10}y(o|0)ur.{0,10}(e[-]?mai(l|1)|address)/i describe REMOVE_OBFUSCATE Remove y0ur e-mail Above, this pattern will match (among other things): Remove your e-mail Rem0ve y0ur e-mai1 where the second string has been obfuscated by replacing 'o' with '0' and 'l' with '1'. Let's say that I think the odds of a spam are higher if the obfuscated form is used, than when the regular form is used. Can you suggest a way to modify this pattern so that the pattern only matches obfuscated uses? Note: to meet my definition of obfuscated, only one of the substitutions above must appear. For example, Remove y0ur e-mail will suffice as an obfuscated form of "Remove your e-mail". ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk