Ability to Allowlist an account/group of accounts from Spam Checking

Problem to solve

GitLab Bot issues are getting blocked by Akismet as part of its spam checks, and we do not have a way to add the account to an allowlist. More details here

Intended users

  • GitLab Admins

  • Abuse Operations

Further details

Use Case: https://gitlab.com/gitlab-com/gl-security/abuse-team/abuse/issues/252

Additionally, we could potentially allowlist any account or group from spam checks.

Proposal

Create the ability to add an account (by email address) or a group of accounts (possibly based on email domain, for example @gitlab.com) to an allowlist, so that their content is not sent to Akismet (or any spam microservice) for spam checks.

Permissions and Security

Admin permission required to add/remove users from the allowlist.

Availability & Testing

Risk associated with this:

  • If an allowlisted user account is compromised, its issues will not be sent for spam checks.

What does success look like, and how can we measure that?

Issues from internal/service accounts are no longer blocked by Akismet or the spam microservice.

Links / references

Edited by Lien Van Den Steen
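
One way to implement the allowlist lookup from the Proposal section, as an added example that is not GitLab's code: the class SpamCheckAllowlist, the method exempt? and the confirmed flag are hypothetical, and the addresses are constructed. It matches the email domain exactly and only for verified addresses, so look-alike domains and unverified sign-ups do not inherit the exemption.

```ruby
require 'set'

# Hypothetical allowlist consulted before content is sent to the spam service.
class SpamCheckAllowlist
  # emails:  full addresses exempted individually
  # domains: email domains exempted as a group, e.g. "@gitlab.com"
  def initialize(emails: [], domains: [])
    @emails  = Set.new(emails.map { |e| normalize(e) })
    @domains = Set.new(domains.map { |d| normalize(d).delete_prefix('@') })
  end

  # True when the author's content may skip the external spam check.
  # `confirmed` is an assumed flag meaning the address was verified; a
  # self-asserted, unverified address must never earn the exemption.
  def exempt?(email, confirmed:)
    return false unless confirmed

    addr = normalize(email)
    return false if addr.match?(/[\s,;<>]/) # list or header-style input

    local, at, domain = addr.rpartition('@')
    return false if at.empty? || local.empty? || domain.empty?
    return false if local.include?('@')     # more than one "@"

    # Exact comparison only: no suffix, substring or subdomain matching,
    # so "gitlab.com.evil.example" and "evil-gitlab.com" are not exempt.
    @emails.include?(addr) || @domains.include?(domain)
  end

  private

  def normalize(value)
    value.to_s.strip.downcase
  end
end

# Constructed sample data.
ALLOWLIST = SpamCheckAllowlist.new(
  emails:  ['support-bot@example.org'],
  domains: ['@gitlab.com']
)
```

Because an exempt account bypasses the spam check entirely, the compromise risk listed above applies to every address and domain placed on this list.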