My new antispam thesis is this:

1. Reject events unless we already have a kind 0 (profile event) for the pubkey.

2. Restrict making a kind 0.

By requiring profile events, you force the attacker to create a profile. By restricting the creation of profiles, you slow them down.

Real users should still be able to get in because they won't hit the same limits.


We just recreated web 2.0 security on Nostr. "You need a profile to post?" -Nostr Zoomer