Nigel Frankcom wrote: > Hi All, > > Does anyone have any idea why there are such scoring disparities > between these two emails? I've been seeing a few of these creep > through lately. > > http://dev.blue-canoe.net/spam/spam01.txt > http://dev.blue-canoe.net/spam/spam02.txt > http://dev.blue-canoe.net/spam/spam03.txt > http://dev.blue-canoe.net/spam/spam04.txt > > More to the point with these is why are they not hitting any of the > drugs rules?
There's a few million obfuscation methods, and the rules can't always cover em all. The examples you posted are using "duplicated letters", as well as inserted underscores. The old Antidrug rules (part of xx_drugs.cf now) that I wrote will deal with the underscores, and a wide range of character substitutions, but only a few special-cases of insertions. It's taken the spammers a long time to figure that out, but it appears they finally have. I used to have to update the set constantly, but lately I've been a bit too busy with real life.
