On Sat, 03 Feb 2007 07:13:08 +0000, Nigel Frankcom <[EMAIL PROTECTED]> wrote:
>On Fri, 2 Feb 2007 21:40:32 -0500, Theo Van Dinter ><[EMAIL PROTECTED]> wrote: > >>On Fri, Feb 02, 2007 at 06:33:40PM -0800, Kenneth Porter wrote: >>> If I read this right, it looks for an illegal domain character in the >>> domain component after the first dot. The new pattern puts a % after the >>> second dot. >> >>fwiw, I put in a new test version which will catch the latest obfuscation, >>and I'm sure we can look forward to it changing again shortly. I don't >>really feel it's worthwhile, but if there isn't a rule there's a ton >>of discussion on the list about why there isn't a rule, and I'm tired >>of arguing. > >body Test_01 /remove \"\*|\%|\!\"/i >score Test_01 4.0 >describe Test_01 Test remove asterisk for URL spams > > >Pretty simple. just add in the characters as you see them e.g. |/^ > >Untested on mass and what will inevitably a high maintenance rule as >the Remove portion of the mails change... but it works > >Kind regards > >Nigel err |\^ It's early - not very awake yet :-D
