I have this situation with robosats and I honestly believe the best 1st line of defense method is NIP-05.

I believe some clients take it as a joke but it's extremely useful to rapidly identify and discard impersonators.

And obviously the best but most expensive one is to use your WoT. Primal does a good job there by showing notorious people following an account, that's something reproducible with a 2nd level WoT of any user.

Discussion

nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn didn’t you just spoof a nip-05 for your impersonation testing the other week?

Yes, most clients just check that the address works and show a check mark, which is awful. NIP 05 can be good for validation only if you already know what name/domain to expect. This can be ok for comparing data across apps, or in a Soapbox style client which privileges a particular known NIP 05 provider.

what more should a client check with nip05?

NIP 05 is an "address" primarily. So it's for a scenario where someone tells you their nip 05 out of band, and you follow it to find their pubkey. Using it as a way to validate authenticity is qualified by context at best.
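
The difference discussed in this thread, between a client that only checks that a NIP-05 address resolves and one that compares it with an identifier the user already expects, shown as an added example that is not part of the original thread or any client's code. The domains, keys and function names are constructed for illustration, and the `lookup` function stands in for fetching `/.well-known/nostr.json?name=<local-part>` from the domain.

```javascript
// Constructed sample data: stand-ins for the JSON each domain would serve at
// /.well-known/nostr.json?name=<local-part>. Domains and keys are made up.
const WELL_KNOWN = {
  "market.example": { names: { support: "a".repeat(64) } },
  "other.example": { names: { support: "b".repeat(64) } }, // a domain anyone can register
};

// Split "name@domain" and lowercase it; reject anything that is not a plain address.
function parseNip05(identifier) {
  const m = /^([a-z0-9._-]+)@([a-z0-9.-]+)$/.exec(String(identifier).toLowerCase());
  return m ? { name: m[1], domain: m[2] } : null;
}

// Weak check: does the identifier the profile itself claims map back to its key?
// Whoever controls the claimed domain can always make this pass.
function resolves(profile, lookup) {
  const id = parseNip05(profile.nip05);
  if (!id) return false;
  const doc = lookup(id.domain);
  return !!doc && !!doc.names && doc.names[id.name] === profile.pubkey;
}

// Stronger check: the claimed identifier must also equal the one the user
// already expects (learned out of band, or from a pinned provider).
function verifyAgainstExpected(profile, expected, lookup) {
  const claimed = parseNip05(profile.nip05);
  const want = parseNip05(expected);
  if (!claimed || !want) return "invalid";
  if (claimed.name !== want.name || claimed.domain !== want.domain) return "mismatch";
  return resolves(profile, lookup) ? "verified" : "unresolved";
}

const lookup = (domain) => WELL_KNOWN[domain] || null;
const genuine = { pubkey: "a".repeat(64), nip05: "support@market.example" };
const impostor = { pubkey: "b".repeat(64), nip05: "support@other.example" };

console.log(resolves(impostor, lookup)); // check-mark-only client accepts it
console.log(verifyAgainstExpected(impostor, "support@market.example", lookup));
console.log(verifyAgainstExpected(genuine, "support@market.example", lookup));
```
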