> So you want obfuscated urls to be recognised as urls but not treated as > urls? > Of course. Its spam.
> If this is just for a few own pcre body rules, I'd suggest you to > handle those de-obfuscations in your rules. > Guess what I'm doing. > You can also publish your own plugin, if you think that it is worth to share. > Its not worth a plugin: one or two regexes and a meta catches it very nicely. > And how many calls will your receive for false positives? Maybe this > depends on one's environment, > Metas that recognise context are the obvious way to avoid FPs. For instance, anything received via a Sourceforge mailing list containing recognisable medical or sex terms (obfuscated or not) and obfuscated URLs can be canned as spam with a very high confidence level. Its certainly site-specific, e.g, I've only ever seen the recent spate of image spam (medical ads presented as images) arrive via Sourceforge mailing lists, but that's far from a typical experience. Martin
