Got a new spam-sign today that I don't know how to make a rule match on. This is just another token/word breaking method, however it uses valid html, in this case it's using the same font over and over again.
I know it's always good to try to have rules for every word-break tactic, however, let's face it, this particular obfuscation tactic shouldn't be effective against spamassassin in the first place.
Remember, SA strips out HTML tags before it runs rules.
Rules like this: body LOCAL_MEDS /\bmeds\b/i score LOCAL_MEDS 0.1
Should hit on that mail just fine, despite the gapping stuck in between the letters.
Really it strikes me as more of a lacking in your bayes training, and a lacking in the default ruleset.
