You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/features/inbox-and-spam-mitigation.md
+5-2Lines changed: 5 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -95,14 +95,17 @@ The inbox spam problem is structurally similar to email spam. The web community
95
95
| Reputation systems | Issuer allowlists / trust scores | Not yet implemented |
96
96
| UX segregation | Trusted vs untrusted inbox views | Not yet implemented |
97
97
98
-
## What's Not Yet Implemented
98
+
## Planned
99
99
100
-
These are natural next steps that can be layered on without protocol changes:
100
+
These are natural next steps that can be layered on without protocol changes, following industry best practices:
101
101
102
102
-**Issuer allowlists**: Trust specific OIDC issuers, deprioritize unknown ones
103
103
-**Payload shape validation**: Require notifications to match a specific ShEx/SHACL shape
104
104
-**Inbox segregation**: Separate trusted and untrusted notifications at the storage level
105
105
-**Reputation scoring**: Track sender behavior over time
106
+
-**HTTP 402 Payment Required**: Support for payment-gated access, enabling micropayments or subscription-based access control as a spam deterrent and monetization layer
107
+
-**CAPTCHA / proof-of-work challenges**: Raise the cost of automated abuse without blocking legitimate users
108
+
-**Sender verification escalation**: Progressively require stronger identity proof based on trust level
0 commit comments