IPs that keep sending events (3x in a row) without auth after having responses three times saying auth is required.
Discussion
Oh ok I think npub blocking is better but maybe it's too far up the stack
well, if you saw the logs of your relay constantly telling you some dumbass keeps on trying to publish events, gets ok,false,"auth-required:" and ignores it and publishes another, and another, and another, all from the same IP, you'd get it.
my relay is decoding that stupid event, verifying its signature, and then telling the client it has to auth. so, it does it 3 times, that client is being ignored for 10 minutes. it's not going to be humans doing this, it's publishing other people's events at a rate of like 2-3 per second.
think about the load that's putting on my relay when i'm following the protocol and telling them to auth first and the client is just blasting at me.
whoever built the blaster thing that's doing it, needs to be slapped upside the head
also, i'm rejecting this idea you can control spam with just no auth and ... what do you propose is going to be the method of deciding? whitelist? ah but muh onburding. blacklist? ever wanted to play whack a mole without a prize?
also, i already have npub blocking but blacklisting is an extremely poor security measure when there is literally like 2^250 npubs that can exist. it's like infinite whack-a-mole and no prize