Add SpamAddress model

The volume of spam in the holding pen in WDTK has increased.

Over a few weeks in January 2014 the pattern was roughly:

- 8 were sent "To" the same address, which was a nearly valid old request
  address - correct hash, but missing the second hyphen.
- 1 was sent "To" an invalid request address (nearly correct hash)
- 1 was sent "BCC" a valid request address
- 1 was sent "BCC" request@whatdotheyknow.com

If a spam was sent "To" an old valid request address then it would be
rejected.

It's not entirely safe to just reject mails to old requests with any
hash, because sometimes authorities miss out a digit in the request
number, though perhaps simply getting a failure bounce would cause them
to check.

In any case that wouldn't trivially catch the most frequent case above
as it doesn't have an obvious request number.

---

We looked at greylisting and configuring the MTA with an RBL.

Greylisting was rejected as it would slow down the responsiveness of the
application when people email in. This could be revisited if/when emails
are parsed through a queue system depending on how we find the
performance there.

An RBL is already configured, but this ticket refers more to where the
email is sent rather than who it came from.

---

We elected to:

- Create spam_address model
- Add code to RequestMailer.receive to check the list of spam addresses
  and silently discard an incoming mail if it's addressed to one of them
- Add page to admin interface for adding/removing spam addresses

---

Thanks to Ganesh Sittampalam for the research and Louise Crow for the
implementation strategy.

0 files changed, 0 insertions, 0 deletions