Couch Architects Logo

Spam Prevention Ideas for a NOSTR Relay with a CouchDB Backend

In the evolving landscape of NOSTR relays, spam prevention is an increasingly pressing issue. Unlike traditional social media platforms with centralized moderation, NOSTR is designed to be open, decentralized, and censorship-resistant. While this openness is a key strength, it also makes relays susceptible to abuse-bots flooding the network with junk data, unsolicited advertisements, and denial-of-service attempts that degrade the experience for real users.

Most existing NOSTR relay implementations rely on in-memory rate limiting or IP-based throttling, which work to some extent but are often inefficient and easily bypassed. Since relays communicate over WebSockets rather than traditional HTTP requests, conventional spam mitigation tools like API rate limiting or CAPTCHA verification are harder to apply.

At the same time, most relays use lightweight databases (like SQLite or simple file-based storage) that lack the flexibility to implement more adaptive, intelligent spam filtering. But what if we leveraged a document-oriented database like CouchDB to rethink spam prevention? With its map-reduce capabilities, efficient indexing, built-in replication, and distributed design, CouchDB offers a unique toolset for managing spam in a decentralized environment—without relying on a single authority to police content.

By utilizing CouchDB’s strengths in data aggregation, distributed trust models, and efficient querying, we can explore creative ways to detect, throttle, and mitigate spam while maintaining the open, permissionless nature of NOSTR. Here are some innovative approaches to achieving this:

1. Rate Limiting via CouchDB’s _count Reduce Views

Instead of tracking request counts in memory, use a CouchDB map-reduce view that counts events per user/IP address over a time window.

  • Implementation:
    • Create a map function that emits (userPubKey, timestamp).
    • A reduce function to count events within a given timeframe.
    • Your relay can query this view periodically to check if a user exceeds a spam threshold.
    • If exceeded, throttle or temporarily ban the user.
  • How is CouchDB a differentiator?
    • CouchDB’s built-in reduce functions allow efficient aggregation of events, reducing the need for in-memory counters.
    • You can periodically purge old events using compaction.

2. Proof-of-Work (PoW) for Message Submission

Implement a lightweight hashcash-style PoW mechanism before accepting messages.

  • Implementation:
    • Require users to include a nonce in their events.
    • Before accepting a message, the relay verifies that SHA256(pubkey + message + nonce) has a certain number of leading zeros.
    • Difficulty can be dynamically adjusted based on spam activity.
  • How is CouchDB a differentiator?
    • CouchDB is optimized for reads over writes, so filtering incoming spam before inserting documents reduces database bloat.
    • PoW shifts some of the spam prevention burden to clients, reducing relay load.

3. Collaborative Filtering with Map-Reduce Spam Scoring

Use a spam scoring system based on known spam signals, aggregated efficiently via map-reduce views.

  • Implementation:
    • Maintain a document storing a spam score per public key/IP.
    • Assign weights to various spam indicators:
      • Frequency of messages per time window.
      • Similarity to known spam content (e.g., hash similarity).
      • Reports from other users.
    • A map function emits (userPubKey, spamScore), with a reduce function summing the scores.
    • Clients with scores exceeding a threshold get deprioritized or rejected.
  • How is CouchDB a differentiator?
    • Map-reduce efficiently aggregates large-scale data.
    • The distributed nature of CouchDB allows multiple relays to share spam insights via replication.

4. Content Similarity Deduplication

Use CouchDB’s map-reduce views with MD5 hashes to detect duplicate spam.

  • Implementation:
    • Store an MD5 hash of each event’s content.
    • Create a view mapping MD5(content) → count.
    • If an incoming event has a hash with a high count, it's likely spam.
    • Relay can reject or down-rank such messages.
  • How is CouchDB a differentiator?
    • Efficient deduplication via views without requiring additional indexing systems.
    • CouchDB’s _changes feed can be used to track new spam patterns in real-time.

5. Web-of-Trust (WOT) for Prioritization

Weight message priority based on trusted public keys using CouchDB’s replication and validation functions.

  • Implementation:
    • Users build their own "trust networks" by signing and sharing trusted public keys.
    • Events from trusted keys are prioritized, while those from unknown keys face higher scrutiny (e.g., PoW requirements).
    • Store trust lists in CouchDB as documents and replicate them across relays.
  • How is CouchDB a differentiator?
    • CouchDB’s distributed, eventually consistent replication makes WOT-based filtering more effective across multiple relays.
    • Validation functions can reject untrusted submissions at the document level.

6. Time-Decay Rate Limiting with CouchDB TTL

Implement time-decay spam filtering using CouchDB’s built-in document expiration (TTL).

  • Implementation:
    • Use a created_at timestamp field in event documents.
    • Set a TTL policy (via _purge or compaction) to expire older rate-limit entries.
    • A view query counts only events within the last X minutes, preventing stale spam.
  • How is CouchDB a differentiator?
    • Efficient event pruning without requiring external cron jobs.
    • Avoids unnecessary long-term storage of spam events.

7. Hashcash-Based Relay Fee System

Charge users computational effort (via PoW) or microtransactions (Lightning Network/Bitcoin) for relaying messages.

  • Implementation:
    • Each event must include a PoW proof OR a small Lightning payment.
    • Payments are stored in CouchDB as transactions.
    • Free-tier users get stricter spam limits, while paying users get priority.
  • How is CouchDB a differentiator?
    • Transactions are easily stored and queried.
    • CouchDB can store Lightning invoices and payment confirmations for spam filtering.

8. Distributed Reputation via CouchDB Replication

Leverage CouchDB’s bi-directional replication to share spam reports and trusted user lists across multiple relays.

  • Implementation:
    • Each relay maintains a reputation database of known spammers and trustworthy users.
    • Relays can replicate reputation data from each other, creating a decentralized spam blacklist.
    • Spammy users get automatically downranked across federated relays.
  • How is CouchDB a differentiator?
    • Native replication allows easy syncing of spam databases across nodes.
    • Works in a decentralized manner, reducing single points of failure.

Conclusion

A combination of these methods—rate limiting via map-reduce, proof-of-work requirements, web-of-trust filtering, and CouchDB replication for reputation data—can create a robust, decentralized spam prevention system tailored for a NOSTR relay. By leveraging CouchDB’s efficient querying, replication, and indexing features, these techniques minimize in-memory overhead and enhance scalability.

We are starting work on point 1 for our evolving NOSTR relay experimental implementation, let's see how it develops. Give us a sign on NOSTR if you want to talk about it.