 nip05 is not verification, it's utterly trivial for spammers to have a nip05 
 They are going to purchase a new domain for each bot? 
Nip-5 providers would be incentivised not to let spammers use them lest their whole domain gets muted. 
 
 This ☝️

Clients should allow Users to filter/mute by NIP05. No NIP05 then I don’t want to see your replies.

Put the onus on NIP05 providers to not allow their service to be abused by spammers lest all their community get filtered out, then spammers only have the option of doing it from their own domains which can more easily be blocked and will quickly cost too much to be worthwhile. 
 nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug
https://media.tenor.com/sE9zbaYH_ecAAAAC/hfsp-this.gif
nostr:nevent1qqsvrd89fp7dxf9pd7rqdl3j9gy50zy7a22r4rpk3t0mvt89umnh4rgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygru5ek5ze43da22z6rgryd6r33cd2tkvf85vd8n39keke6q5wyv5vpsgqqqqqqs67apsn 
 Spammers can just create a GitHub project, put the nip05 verification there as a GitHub Page and be valid for free. So, I don't really think this does much. 

All they need is a free hosting service. They can even use their own personal computer at home behind a Tor connection to serve as the NIP05 address. 

They can even use Orbot and get their phones to reply to the nip05 verification. 
 Then I’d simply add GitHub domains to my NIP05 filter?

Not sure how the Tor version works or what that NIP05 would look like? 
 No, you could do it on a case-by-case basis at the sub domain level. (At least that's what I would do) 
 You can do one Tor domain with 200,000 pre-generated keys or split them into a few hundred domains. Or just use IP directly.  
 So we would filter the one Tor domain? Directly using IP is a problem for the spammer moreso than it is the network.

Maybe I’m missing something here but you’ve not explained why this wouldn’t work, you’ve just given more things that I’d want to filter out. 
 My nip-5 on the same btcpay server (except .onion) is not coming back valid so what are we talking about? 
https://i.nostr.build/JpuQfdioMYnQKs6k.jpg 
 I cannot access your server from here. That's why it's invalid. But Tor addresses work on Nip 05. 
 ReplyGuy@2jsnlhfnelig5acq6iacydmzdbdmg7xwunm4xl6qwbvzacw4lwrjmlyd.onion 

🤣 
 Why wouldn’t I just filter out anyone on a .onion in that case? 
 Oh for sure, I was just laughing at the incredibly long address that'd have to be used for an onion service NIP-05 lol 
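
The mute-by-NIP-05 idea debated above, as an added example (not code from the thread or from any Nostr client): a reply is hidden when its author has no NIP-05 that the domain confirms, or when the confirmed domain falls under a muted rule. The function names, policy shape and sample identities are constructed, and the `/.well-known/nostr.json` lookup is passed in as already-fetched JSON so the block runs offline.

```javascript
// Added example: client-side reply filter keyed on verified NIP-05 domain.
// Function names, policy shape and all sample data are constructed.

// Split "<local>@<domain>"; both parts are lower-cased for comparison.
function parseNip05(id) {
  const m = /^([a-z0-9._-]+)@([a-z0-9.-]+)$/i.exec(id || "");
  return m ? { local: m[1].toLowerCase(), domain: m[2].toLowerCase() } : null;
}

// wellKnown is the parsed body of https://<domain>/.well-known/nostr.json?name=<local>
// (fetched by the client; passed in here so the example runs offline).
function nip05Matches(wellKnown, local, pubkeyHex) {
  const names = (wellKnown && wellKnown.names) || {};
  return Object.prototype.hasOwnProperty.call(names, local) && names[local] === pubkeyHex;
}

// A rule matches the host itself and anything beneath it, so "onion" mutes
// every onion service while "spambot.github.io" mutes one GitHub Pages user.
function domainMuted(domain, rules) {
  return rules.some((rule) => domain === rule || domain.endsWith("." + rule));
}

// Returns "show" or "hide:<reason>" for a reply's author.
function classifyReply(author, wellKnown, policy) {
  const id = parseNip05(author.nip05);
  // A claimed identifier that the domain does not confirm counts as none at all.
  const verified = id !== null && nip05Matches(wellKnown, id.local, author.pubkey);
  if (!verified) return policy.requireNip05 ? "hide:no-valid-nip05" : "show";
  return domainMuted(id.domain, policy.mutedDomains) ? "hide:muted-domain" : "show";
}

const policy = { requireNip05: true, mutedDomains: ["onion", "spambot.github.io"] };
const key = (c) => c.repeat(64); // constructed 32-byte hex pubkeys

function demo() {
  const cases = [
    ["alice@good.example", key("a"), { names: { alice: key("a") } }],
    ["bot1@spambot.github.io", key("b"), { names: { bot1: key("b") } }],
    ["dev@honest.github.io", key("c"), { names: { dev: key("c") } }],
    ["replyguy@constructedaddress.onion", key("d"), { names: { replyguy: key("d") } }],
    ["alice@good.example", key("e"), { names: { alice: key("a") } }], // forged claim
    [undefined, key("f"), null], // no NIP-05 set
  ];
  return cases.map(([nip05, pubkey, wk]) => classifyReply({ nip05, pubkey }, wk, policy));
}

console.log(demo());
```

The filter only means something if the client performs the well-known lookup itself; a `nip05` string taken from profile metadata without that check can name any domain.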
 Hosting (especially a static site) can be free or extremely cheap, but a domain has a cost associated with it. A free GitHub page will be at the domain: https://<username>.github.io/
They could set up an infinite amount of accounts, yes, but with captchas/verification codes in between they would need to do it manually. 
I don't think it'll stop spammers altogether, however I do believe it will make it very difficult if not impossible to automate.
 
 What are the best tools atm to achieve this? Bot filters with captchas?  
 Using relays with paid gateways to become whitelisted. 

https://relay.nostr.com.au for example ain’t relaying Reply Guys. 
 Cool concept! Does that really keep out bots or just make it more expensive to run bot nets at scale? 
 So, basically you pay to not get messages from bots and to be able to post on a bot free relay. Nicely aligned incentives. 
 Yes it keeps out the bots. They have to pay to have their npubs whitelisted and they ain’t doing that.

Spam only works when its marginal cost approaches zero. 
 would zapping the nip-05 provider for identification help? 
 Yes, captchas and non-free service would be tools for you. But you still may need to do some moderation as Nostr takes off more.  
 Makes sense. I will look into that. I can imagine some hard choices for moderators. 
 true, it says it in the doc that it's identification, not verification. i had that twisted myself initially.