Doesn’t that mean anyone can extract your DSN and then spam your Sentry project?
That’s pretty much the state of the art and there is no way to automatically prevent it. We haven’t heard of a practical issue with this. The much bigger spam-related problem people usually have are legitimate crashes that contain no information or that nobody cares about (“your app crashes a lot on Windows XP, here are 6k events”)
We allow you to filter events, e.g. ban IP addresses or certain app releases from sending events, but that’s primarily meant for buggy deployments of your own app, not because somebody maliciously used your DSN.
It is the same situation as with any other application identifying auth tokens. For example you can also extract oauth credentials from an official Twitter app and use them to access the Twitter API (which allows you to get much better rate limits and to pretend to be sending tweets from the official app)