Auto responder spamming issues and comments in gitlab-org group

Summary

A user who had a Watch setting for the gitlab-org group and had a email set with an auto-responder to say the person was no longer part of the company. Every e-mail notification from a project inside gitlab-org would trigger the auto-responder and would successfully post comments with the auto-responder message.

Disabling the watch setting stopped the emails.

Example comments

https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14597#note_194460436

What is the current bug behavior?

Auto-response emails were not rejected.

Possible fixes

As Stan mentioned:

Ideally we should quarantine or stop these auto-responders because anyone could easily do this and overwhelm our issues.

We need to inspect the headers for these replies. Perhaps we need to update the headers that are marked as auto-generated emails.