It was designed to decouple sender and receiver from any public information. So, it will be impossible to know if the wrap is legit or spam from just looking at the event.

You could ask the sender to AUTH when submitting the event and filter by the authed user. However, the authed user might not have anything to do with the message and you also make it less private when you do so.

Discussion

I was thinking about this approach. But how about the receiver event? We miss that? Because we can't auth instead of the receiver.

The receiver relay gets the gift wrap encrypted to the receiver while authed as the sender (some clients will not auth in this case because it breaks privacy).

The sender relay gets the gift wrap encrypted to the sender while authed as the sender.

Let's assume my inbox is the jellyfish relay, which is paid, and I'm subscribed there.

You want to send me a DM. If the relay only checks the p tag, anybody can send me DMs and spam me.

But if it checks that the sender is subscribed as well, it can control who is sending the DM.

My last idea (which I think you believe hurts the privacy): make sure the publisher is whitelisted using auth.

If people trust that the relay won't log the information, it won't hurt the privacy.

I think that works. You can build a WoT of your members. Then when a message is received, you request an AUTH and you check if the authed key has a good enough WoT for the p-tag.

If the sender doesn't have enough WoT, you could place it on a wait-list and ask them to pay a lightning invoice to temporarily buy WoT. You could use the NOTIFY nip to make it visible to the user.

Then you can delete that info once the transaction is done.
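
The relay-side check proposed in the reply above, sketched as an added example (not code from the thread or from any relay implementation). It assumes "good enough WoT" means the authed key is within two follow hops of the p-tagged recipient; `admit`, `hops`, `MAX_HOPS` and the `paid` set are hypothetical names, and the sample data is constructed.

```python
from collections import deque

GIFT_WRAP_KIND = 1059  # NIP-59 gift wrap
MAX_HOPS = 2  # assumption: "good enough WoT" = within 2 follow hops of the recipient

def hops(follows, start, target, limit):
    """BFS distance from start to target over the follow graph; None if beyond limit."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == target:
            return dist
        if dist < limit:
            for nxt in follows.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, dist + 1))
    return None

def admit(event, authed_pubkey, members, follows, paid=frozenset()):
    """Return (accepted, message) for the relay's OK reply. event["pubkey"] is ignored:
    on a gift wrap it is a one-time key, so only the AUTH key identifies the publisher."""
    if event["kind"] != GIFT_WRAP_KIND:
        return True, ""
    recipients = [t[1] for t in event["tags"] if len(t) >= 2 and t[0] == "p"]
    if len(recipients) != 1 or recipients[0] not in members:
        return False, "blocked: recipient is not a member of this relay"
    recipient = recipients[0]
    if authed_pubkey is None:
        return False, "auth-required: publish gift wraps after AUTH"
    # Sender's own copy (wrap addressed to the authed key) or temporary paid access.
    if authed_pubkey == recipient or (authed_pubkey, recipient) in paid:
        return True, ""
    if hops(follows, recipient, authed_pubkey, MAX_HOPS) is not None:
        return True, ""
    # Caller wait-lists the event and issues the invoice; the authed key is used for
    # this decision only and is never stored next to the event.
    return False, "restricted: sender is outside the recipient's WoT"

# Constructed sample data (short names stand in for 32-byte hex pubkeys).
FOLLOWS = {"alice": {"bob"}, "bob": {"carol"}}
MEMBERS = {"alice"}
WRAP = {"kind": 1059, "pubkey": "one-time-key", "tags": [["p", "alice"]]}

if __name__ == "__main__":
    for who in (None, "bob", "carol", "mallory"):
        print(who, admit(WRAP, who, MEMBERS, FOLLOWS))
```

Removing a `(sender, recipient)` pair from `paid` once the transaction is done matches the last step of the reply: the purchased access and the record of who bought it disappear together.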