On Fri, 2 Feb 2007 21:40:32 -0500, Theo Van Dinter <[EMAIL PROTECTED]> wrote:
>On Fri, Feb 02, 2007 at 06:33:40PM -0800, Kenneth Porter wrote: >> If I read this right, it looks for an illegal domain character in the >> domain component after the first dot. The new pattern puts a % after the >> second dot. > >fwiw, I put in a new test version which will catch the latest obfuscation, >and I'm sure we can look forward to it changing again shortly. I don't >really feel it's worthwhile, but if there isn't a rule there's a ton >of discussion on the list about why there isn't a rule, and I'm tired >of arguing. body Test_01 /remove \"\*|\%|\!\"/i score Test_01 4.0 describe Test_01 Test remove asterisk for URL spams Pretty simple. just add in the characters as you see them e.g. |/^ Untested on mass and what will inevitably a high maintenance rule as the Remove portion of the mails change... but it works Kind regards Nigel