If you are being hit by obfuscation SPAM then these rules may help out.
Code:
################################################################################
# Obfuscation Rules
################################################################################
body ASDM_OBF_URL /www\.\s(.+?)\s[A-Za-z]{2,4}/i
describe ASDM_OBF_URL URLs with spaces
score ASDM_OBF_URL 2.0
body URI_OBFU_XX99_WS /\bwww(?:\s\W?\s?|\W\s?)\w{1,15}\d{1,10}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
describe URI_OBFU_XX99_WS Space-obfuscated xxx999 URI
score URI_OBFU_XX99_WS 2.0
body __MED_BEG_SP /\bw{2,3}[[:space:]][[:alpha:]]{2,6}\d{2,6}\b/i
body __MED_BEG_PUNCT /\bw{2,3}[[:punct:]]{1,3}[[:alpha:]]{2,6}\d{2,6}\b/i
body __MED_BEG_DOT /\bw{2,3}\.[[:alpha:]]{2,6}\d{2,6}\b/i
body __MED_BEG_BOTH /\bw{2,3}[[:punct:][:space:]]{2,5}[[:alpha:]]{2,6}\d{2,6}\b/i
body __MED_END_SP /\b[[:alpha:]]{2,6}\d{2,6}[[:space:]](?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body __MED_END_PUNCT /\b[[:alpha:]]{2,6}\d{2,6}[[:punct:]]{1,3}(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body __MED_END_DOT /\b[[:alpha:]]{2,6}\d{2,6}\.(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
body __MED_END_BOTH /\b[[:alpha:]]{2,6}\d{2,6}[[:punct:][:space:]]{2,5}(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
meta AE_MED42 (__MED_BEG_SP || __MED_BEG_PUNCT || __MED_BEG_DOT || __MED_BEG_BOTH ) && (__MED_END_SP || __MED_END_PUNCT || __MED_END_DOT || __MED_END_BOTH) && ! (__MED_BEG_DOT && __MED_END_DOT )
describe AE_MED42 rule to catch still more spam obfuscation
score AE_MED42 2.0