I feel like the onboarding success rate would be higher than it is for paid relays or relays clogged with spam
Discussion
So I now understand that Tor nodes can enable PoW as a defense mechanism against DDoS attacks, as described in
https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/327-pow-over-intro.txt
The goal is to mitigate connection-level flooding, such as when a botnet with thousands of compromised machines overwhelms onion services by initiating millions of introduction requests.
This is fundamentally a DDoS prevention mechanism, not an anti-spam strategy.
In contrast, if (or when?) Nostr relays are flooded with millions of spammy notes per second, one might consider applying a similar PoW-based throttle—e.g., requiring a 20-bit PoW, which takes about one second to compute. This would theoretically reduce the spam rate to thousands of notes per second per spammer node.
Would this actually be effective as an anti-spam?
Seems to me like it should be effective
And DDoS is definitely a type of spam
PoW is effective in the context of DDoS attacks, where an attacker generates millions of connections in a short time. In such cases, even a small computational cost per request, when multiplied by millions, becomes significant for the attacker, but remains manageable for legitimate users.
Spam, however, is a different problem. A spammer publishing just 1,000 notes per hour could still inflict substantial damage on Nostr relays, overwhelming storage and flooding the relay global feed. In this case, the computational cost of PoW (especially at < difficulty levels) is negligible for the attacker and not a meaningful deterrent.
The situation is much closer to the email spam problem, where PoW was also explored and ultimately abandoned due to its ineffectiveness. In fact, Nostr's case is arguably simpler from the spammer’s perspective: notes are public, require no targeting, and have virtually no delivery constraints.
So my initial point remains: NIP-13 is unlikely to be effective as a spam prevention mechanism, just as PoW proved ineffective against spam emails.
You're definitely wrong
If it didn't work with a simple threshold for what difficulty level is needed to join the web of trust, it would just need a simple formula accounting for things like whether there are any links, as I said before
Yes, restricting PoW to users outside the WoT is a thing, and makes some sense.
But still I don't understand why not captchas or similar in this scenario. These are more effective than PoW, as they burn human mental resources, not just cheap CPU cycles, and are hard to automate.
I don't believe captchas are necessarily harder for bots than humans but definitely also worth a try since I could be wrong on that 🤙
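A relay-side sketch of the policy debated in this thread, added here as an example and not written by any of the participants: NIP-13 difficulty is checked only for pubkeys outside the web of trust. The `admit` policy, the reason strings, the placeholder pubkeys and the `mine` helper that builds a sample event are assumptions, and signature verification is assumed to happen elsewhere.

```python
import hashlib
import json

def event_id(ev):
    # NIP-01 id: SHA-256 of the compact JSON array (json.dumps approximates its escaping rules).
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    # NIP-13 difficulty is the number of leading zero bits in the event id.
    return len(hex_id) * 4 - int(hex_id, 16).bit_length()

def committed_target(tags):
    # Third entry of the "nonce" tag is the difficulty the author committed to.
    for tag in tags:
        if len(tag) >= 3 and tag[0] == "nonce" and str(tag[2]).isdecimal():
            return int(tag[2])
    return None

def admit(ev, trusted_pubkeys, min_bits):
    # Hypothetical policy: web-of-trust members skip PoW, everyone else must show it.
    if ev["id"] != event_id(ev):
        return False, "id does not match content"
    if ev["pubkey"] in trusted_pubkeys:
        return True, "in web of trust"
    target = committed_target(ev["tags"])
    if target is None or target < min_bits:
        return False, "committed target below relay minimum"
    if leading_zero_bits(ev["id"]) < min_bits:
        return False, "insufficient work"
    return True, "proof of work accepted"

def mine(pubkey, content, bits):
    # Builds a constructed sample event by brute-forcing the nonce (about 2**bits hashes).
    ev = {"pubkey": pubkey, "created_at": 1700000000, "kind": 1, "content": content}
    nonce = 0
    while True:
        ev["tags"] = [["nonce", str(nonce), str(bits)]]
        ev["id"] = event_id(ev)
        if leading_zero_bits(ev["id"]) >= bits:
            return ev
        nonce += 1

if __name__ == "__main__":
    stranger, friend = "a" * 64, "b" * 64  # constructed placeholder pubkeys
    print(admit(mine(stranger, "hello", 8), {friend}, 8))
```

Each extra bit in `min_bits` doubles the expected hashing for a sender outside the trusted set, which is the only cost this check imposes.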