I noticed this in the morning spamtrap. Does the new version of SA look for OBFU like this while running URI rules?

It is a yahoo redirect trick with certain letters using %hex OBFU like the %68=h in http, and %62=b in .biz. It did NOT hit the redirect rule!!!!!

"
<b><a href=http://drs.yahoo.com/pipturus_vacuoushookworm_labored/folksongbowerbird /*%68ttp://marcor-aired.swam.%6Fbtention.%62iz/0/p/?ravish_beauticianhosepip e-glacisartiste_lounger target=_blank><font color=0000FF size=5 face=arial><u>Over 850 popular titles for you to choose from<br><br>Act quick now before all sold<br><br>Start using your needed soft ware now<br>== C L I C K - H E R E ==</b><br><font size=2>(Plz give 2-3 mins to complete the page loading bcos the page has 850 titles on it)</font><br><br></u></a>
<a href=http://drs.yahoo.com/drunkard_pujunanbotchery_major/mephitinaeorlon/*%6 8ttp://filbert-unspotted.crossbench.%6Fbtention.%62iz/%75n%73ub.html target=_blank><font size=1>take me down</font></a>
"

The spam scored a 9.3 from other rules, but I want to add these into Bigevil.

Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
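
An added example, not part of the original post and not SpamAssassin code: one way to normalize the redirect target described above before matching it against a domain blocklist. The function names are hypothetical, and the sample links in the usage note and tests are constructed with reserved example domains.

```python
import re
from urllib.parse import unquote, urlsplit

# Letters, digits and - . _ ~ never need percent-encoding (RFC 3986
# "unreserved"), so seeing them encoded (%68 = h, %62 = b) signals obfuscation.
ENCODED_UNRESERVED = re.compile(
    r"%(?:3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A]|2D|2E|5F|7E)", re.I)

def redirect_target(href, max_rounds=3):
    """Return (host, obfuscated) for the URL embedded after '/*', or None."""
    href = re.sub(r"\s+", "", href)        # drop line-wrap whitespace in the href
    _, sep, tail = href.partition("/*")    # redirector path, then the real target
    if not sep:
        return None
    obfuscated = False
    for _ in range(max_rounds):            # bounded, so %2568 (double encoding) is undone too
        obfuscated |= bool(ENCODED_UNRESERVED.search(tail))
        decoded = unquote(tail)
        if decoded == tail:
            break
        tail = decoded
    if not re.match(r"https?://", tail, re.I):
        return None
    host = (urlsplit(tail).hostname or "").rstrip(".")
    return host, obfuscated

def blocklisted(host, blocklist):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

if __name__ == "__main__":
    # Constructed sample mirroring the pattern in the post (not the spam's URL).
    sample = ("http://drs.yahoo.com/word_salad/more "
              "/*%68ttp://shop.%65xample.%6Frg/%75nsub.html")
    host, obfuscated = redirect_target(sample)
    print(host, obfuscated, blocklisted(host, {"example.org"}))
```

Matching the decoded host rather than the raw href means a single blocklist entry covers both the plain and the %hex-encoded spelling of a domain, and the obfuscation flag can be scored separately.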
