Hi, It doesn't trigger any fp's here due the to forward slashes around the email address but i'd recommend testing it against your corpus in case it causes you problems. You're right a URI rule would be better :-)
You would have to do this for all your users unless there is some way to check the email against the to header (i use it for my personal account so that isn't a problem here). Maybe someone more proficient can help out with that or suggest another way to score this annoying spam. Apart from that you can up the scores of whatever rules it does hit and hope that bayes kicks in soon :-) Sorry not to be of more help! Mat On Mon, 29 Mar 2004 08:39:41 -0500, Paul Barbeau wrote: > Thanks for the response couple things. > > 1) would this not get thrown on a message thread where you have > respond to > someone and so on? would a URI rules not work better? > 2) Would i have to do this for all my domains/users? > 3) is there some kind of varable that stores the "to" of the > message. > >> rawbody MYEMAIL /\/[EMAIL PROTECTED]//i >> describe MYEMAIL body contains /[EMAIL PROTECTED]/ >> score MYEMAIL 3.00
