auth can happen at any time, its a very vague spec. other relays may send back public results if you dont auth, i call this 'mixed mode'. but relay.tools does not support this yet, the main purpose of auth for my implementation was to protect dms, and in the future to support nip70. eventually i will implement mixed mode also as it has been requested a lot.

as a relay, it is possible to ask for auth from any key to fend off bots, but bots have started to become smarter and this trick no longer works.

using a random key, will likely not really work too well because the other use of auth is specialty relays like nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hszxmhwden5te0wfjkccte9emk2um5v4exucn5vvhxxmmd9us2xuyp s zapbox or lockbox, or nostr:nprofile1qqsw9n8heusyq0el9f99tveg7r0rhcu9tznatuekxt764m78ymqu36cpr3mhxue69uhhyetvv9ujucnfw33k76twwpshy6ewvdhk6tcpzdmhxue69uhhwmm59e6hg7r09ehkuef0qy2hwumn8ghj7un9d3shjtn4w3ux7tn0dejj7ne6u4e s algo relay it needs to know who you are to provide you a custom feed.

so basically, tldr, i can't think of a reason i'd bother doing random auth if i were you, unless there truly are more relays that do this trick i mentioned.