Seeing a new run of spam with:
{a hrefstringhref=http://bogus.url href="http://real.url"}

I think they are hoping to fool a primitive scan for 'href=' but it just makes for a really unambiguous spamsign. I'm scoring it high. We'll probably see some variations on this soon, with other things in front of href.....

rawbody LOC_HTMLBADHREF /href[a-z]*href/i
describe LOC_HTMLBADHREF href(string)href in link
score LOC_HTMLBADHREF 2.5

- Charles
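An added example (not part of the original post) that runs the rule's regex over constructed samples and compares what a primitive 'href=' scan extracts with what an HTML parser follows. It goes one step beyond the posted rule by also listing any attribute on an `<a>` tag whose name merely contains "href", which covers the "other things in front of href" case; the samples assume the tag appears with angle brackets in the raw message, and the `xhref` variant and all function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Same pattern as the LOC_HTMLBADHREF rawbody rule in the post.
BADHREF = re.compile(r"href[a-z]*href", re.I)

def naive_href(html):
    """Primitive scan: return whatever follows the first literal 'href='."""
    m = re.search(r'href="?([^\s">]+)', html, re.I)
    return m.group(1) if m else None

class _AnchorAttrs(HTMLParser):
    """Collect real href values and look-alike attribute names on <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.lookalikes = [], []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value)
            elif "href" in name:          # e.g. hrefstringhref, xhref
                self.lookalikes.append(name)

def inspect_anchor(html):
    """Return (hrefs a parser follows, attribute names that imitate href)."""
    p = _AnchorAttrs()
    p.feed(html)
    p.close()
    return p.hrefs, p.lookalikes

def rule_hits(html):
    """Apply the rule's regex line by line, approximating a rawbody match."""
    return any(BADHREF.search(line) for line in html.splitlines())

# Constructed samples; URLs are placeholders.
SAMPLES = {
    "spam": '<a hrefstringhref=http://bogus.url href="http://real.url">x</a>',
    "variant": '<a xhref=http://bogus.url href="http://real.url">x</a>',
    "ham": '<a href="http://example.com/page">x</a>',
}

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        hrefs, odd = inspect_anchor(html)
        print(label, rule_hits(html), naive_href(html), hrefs, odd)
```
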
