But I was more interested if SA already has something like that?It does not.
Weren't there a whole set of "FUZZY" rules once? I'm pretty sure that they looked for words in in the subject and maybe body of the email that had exactly this sort of obfuscation. I don't think they were applied to domain names, and certinaly not matching two fields in different headers. But if the code for the fuzzy rules is still around, it possibly could be adapted for this use.
