"Security through obscurity" is bad for security systems but good for spam detection. Why?

Security through obscurity is Always worse than an alternative which would be compliant with Kerckhoff's principal.

However, sometimes this is simply not possible. One good example of this is DRMs. With DRM, the content distributor wants to protect a content which he gives to the user. It is not possible in this case to rely on a secret key, because at some moment the user will also access this key to be able to use the content. Here the only solution is security bu obscurity. We can see though, that it never works so well. (Remember the DRMs on DVDs? it did not take long for them to be cracked...)

Your case, with spams, is similar. There is no way to implement a "secret key" scheme to detect spams... and therefore, the only remaining option is security through obscurity. Of course it is not excessively robust, but it is the best known solution as of today.