Handling InvalidAuthenticityToken from bots

I'm using exception_notifier to get an email when a 500 error occurs
in production. Lately I'm seeing a lot of nonsensical POSTs show up
that cause an InvalidAuthenticityToken error. All the fields contain
random characters. (For instance, "search_title"=>"BHQWTZpjGeb")

Is there a way to detect them and not send the email, while still
sending the email in all other cases? I don't want to get used to
these emails and miss one that is an actual bug in production.

How about grabbing "HTTP_USER_AGENT" from the request?

HI Paul,

Actually, I already have rescue_action_in_public. That's how
exception_notifier sends the email.

But I just did a search and see a disturbing discussion:

Anyway, it seems like rescue_action_in_public does work for me, so I'm
not sure I understand that, but in any case, the error message I get
from the bot reports the HTTP_USER_AGENT as "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1)", so that isn't a good indicator. I
haven't seen anything in the error message that I can use to filter