I took a brute force approach to this particular spam. I have some dictionaries that are used for short term purposes. I de-obfuscated the code and created a new dictionary entry using part of the string that was unlikely to change and unlikely to occur in a legit email. This isn't a good long-term approach because it's so easy to modify the obfuscation algorithm, but it worked OK short term.
If I understand you correctly, you de-obfuscated the code, pick a string, and add it to a dictionnary or had to re-obfuscated it before?
What are you using to de-obfuscated the code?
I just looked at the script and worked through it manually. As best I can tell, your example converts each character in the string assigned to variable s to the ASCII character that precedes it. So the substring iuuq;00ufotjpobdbefnz/ translates to http://tensionacademy. I put in a dictionary entry that included the iuuq;00 section as well as a bit more. I had to use the literal substring from the script which is why this isn't a great way to defeat this. All the spammer has to do is change the algorithm to a 2 or 3 or 4 etc. character offset and it passes right through my dictionary.
Apparently the unlink function isn't working too well, or I'm using the wrong browser. I tried to deactivate the hyperlink on the partial URL in my above post, but it's still somewhat live for me.