May I humbly suggest a totally different approach? If you escape the HTML then spammers get no benefit from it. Also see the "nofollow" attribute to <a href>.

In your case substitute &lt; for < in the message body then no HTML tags will work and the spammers get no benefit. Or do both: reject messages with the string "a href", but also escape the < to prevent other trickery. Or use:

use URI::Escape;
my $escaped = uri_escape( $unescaped_string );
[download]