Oddbean new post about | logout
 nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug
https://media.tenor.com/sE9zbaYH_ecAAAAC/hfsp-this.gif
nostr:nevent1qqsvrd89fp7dxf9pd7rqdl3j9gy50zy7a22r4rpk3t0mvt89umnh4rgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygru5ek5ze43da22z6rgryd6r33cd2tkvf85vd8n39keke6q5wyv5vpsgqqqqqqs67apsn 
 Spammers can just create a GitHub project, put the nip05 verification there as a GitHub Page and be valid for free. So, I don't really thing this does much. 

All they need is a free hosting service. They can even use their own personal computer at home behind a Tor connection to serve as the NIP05 address. 

They can even use Orbot and get their phones to reply to the nip05 verification. 
 Then I’d simply add GitHub domains to my NIP05 filter?

Not sure how the Tor version works or what that NIP05 would look like? 
 No, you could do it on a case-by-case basis at the sub domain level. (At least that's what I would do) 
 You can do one Tor domain with 200,000 pre-generates keys or split them into a few hundred domains. Or just use IP directly.  
 So we would filter the one Tor domain? Directly using IP is a problem for the spammer moreso than it is the network.

Maybe I’m missing something here but you’ve not explained why this wouldn’t work, you’ve just given more things that I’d want to filter out. 
 My nip-5 on the same btcpay server (except .onion) is not coming back valid so what are we talking about? 
https://i.nostr.build/JpuQfdioMYnQKs6k.jpg 
 I cannot access your server from here. That's why it's invalid. But Tor addresses work on Nip 05. 
 ReplyGuy@2jsnlhfnelig5acq6iacydmzdbdmg7xwunm4xl6qwbvzacw4lwrjmlyd.onion 

🤣 
 Why wouldn’t I just filter out anyone on a .onion in that case? 
 Oh for sure, I was just laughing at the incredibly long address that'd have to be used for an onion service NIP-05 lol 
 Hosting (expecially a static site) can be free or extremely cheap, but a domain has a cost associated with it. A free GitHub page will be at the domain: https://<username>.github.io/
They could set up a infinite amount of accounts yes but with captas /verification codes in between they would need to do it manually. 
I don't think it'll stop spammers all together however I do believe it will make it very difficult if not impossible to automate.