nostr.blog
StudyGlossary
Get your @nostr.blog→
nostr.blog

Your decentralized identity on Nostr. One address, zaps, and a clean reader.

ProductHomeGet your @nostr.blogDashboard
LearnStudyGlossary
LegalTermsPrivacy
© 2026 nostr.blog. Open-protocol identity for the decentralized web.
Home›Study›Advanced and technical›How Nostr handles spam: the practical defenses in 2026
Advanced and technical

How Nostr handles spam: the practical defenses in 2026

Nostr has no moderation team, but spam is not unsolved. What actually works: proof of work, paid relays, web-of-trust filters, mute lists.

bynostr.blog editorial team·Apr 8, 2026·7 min read

Nostr has a spam problem. Not unmanageable, not unique to Nostr, but real and worth understanding if you use the network actively.

The problem exists because the protocol has no gatekeeper. Anyone can create an account and post. This is the feature that makes Nostr censorship-resistant and also what makes it spammable. This guide covers the defenses in use in 2026 and which ones actually work.

Spam on Nostr is filtered at the relay and client level, not centrally. The practical defenses are: default spam-filtering relays, web-of-trust filters in mainstream clients, user-maintained mute lists, and optional proof-of-work requirements on paid relays. A user with default settings in a good client sees very little spam; a user on raw relays with no filters sees significant spam.

When you are ready, grab your @nostr.blog address →

The five defensive layers

Nostr has accumulated several anti-spam techniques. Different clients and relays combine them differently.

1. Relay-level filtering

Most modern relays apply some kind of spam filter. Common rules:

  • Rate limiting. An account cannot publish more than N events per minute.
  • Known-spam blocklists. Maintained by the relay operator or shared across relays.
  • Pattern matching. Events with certain patterns (all-caps shouting, hundreds of hashtags, specific scam URLs) get rejected.
  • Required tags. Some relays require specific tag formats; events missing them are dropped.

Effectiveness: basic rate limiting and blocklists stop casual spam. Sophisticated spammers bypass them, but the barrier raises enough that most spam comes from low-effort sources that rate limits catch.

2. Paid-write relays

The economic defense. A relay that charges 10 to 100 sats per event makes spam economically uninteresting because the cost scales with the spam volume. Spammers trying to flood the relay run out of budget.

Paid relays are not the majority, but they are a meaningful chunk of the network. nostr.wine and similar services use this model. Users who subscribe to their posts do so partly for the spam-free experience.

For a user who only reads from paid-write relays, spam is almost completely absent. For the common case of reading from a mix of free and paid, spam is reduced proportionally to how much paid coverage you have.

3. Proof of work (NIP-13)

An event can include a proof-of-work stamp: a small computational puzzle that the author's client solved to produce the event. The more bits of work, the more expensive spamming becomes.

A relay can require minimum proof of work for acceptance. A client can filter low-proof-of-work events from its feed.

Adoption: spotty. Some relays require it; most do not. Most clients can display the PoW count but do not filter by it by default. If you specifically want to filter for high-effort events only, most clients expose this as a setting.

4. Web of trust filters

This is the most effective modern defense and worth explaining in detail.

The idea: if you follow Alice, you implicitly trust Alice's judgment a little. If Alice follows Bob, you inherit some trust for Bob. A spam account that has zero followers in your social graph is almost certainly not someone you want to see.

Mainstream Nostr clients in 2026 implement this as a default filter. Events from pubkeys completely outside your social graph are hidden or de-emphasized. The threshold is usually configurable.

Effect: dramatic reduction in spam. A new spam account has to accumulate real-user follows to be visible to anyone, which is much harder than creating the account.

Tradeoff: new legitimate users (who have few follows) can get filtered out. Most clients handle this by letting you see replies to your own posts even from out-of-graph accounts, with a small warning indicator.

5. Client-side mute lists (NIP-51)

Your personal block list. Manually mute specific accounts; the mute list is a signed Nostr event, so it syncs across clients.

Every mainstream client has a mute button. Tap it once per spammer and they disappear from your feed permanently. Mute lists can also include keywords, hashtags, or patterns.

The combination of default spam filtering and a few minutes of mute-list tuning covers most users' needs.

Get started

Claim your Nostr identity in 2 minutes

  • •Your own @nostr.blog address, verified everywhere
  • •Built-in Lightning wallet for sending and receiving zaps
  • •Full client in one place: feed, notifications, DMs, media, relays

From $2.99/year.Shorter premium names cost more.

Start with nostr.blog→

Which clients handle spam well

As of April 2026, a rough ranking.

Strong spam defenses by default:

  • Primal. Aggressive web-of-trust defaults, solid mute list management, invisible spam for most users.
  • Amethyst. Configurable filters, good mute list support, topic filtering.
  • Damus. Decent defaults, clear mute UI, improves yearly.
  • nostr.blog web client. Default web-of-trust filter active.

Require tuning:

  • Older web clients. Less-polished defaults; setup needed.
  • Niche and developer-focused clients. Feature-rich but assume user handles filtering.

If you are getting too much spam on Nostr, first question: which client? Switching to one with stronger defaults solves it without you doing any filter work.

The new-user spam problem

Users in their first few hours on Nostr often see disproportionate spam because:

  • They follow few accounts, so web-of-trust filters cannot work well
  • They have no mute list yet
  • They are reading from default relays that include some spam-heavy ones
  • Sophisticated spammers target new users specifically because they are easier to trick

Practical defense for new users:

  1. Keep mute-as-you-go discipline. First spam you see, mute it. Second, mute it.
  2. Follow twenty accounts in your first week to activate the web-of-trust filter.
  3. Ignore DMs from accounts you do not know. First-day DMs from strangers are almost always spam or scams.
  4. If a specific relay is a consistent source of spam, remove it from your list.

After two weeks, the flood usually subsides to a trickle for an active, well-filtered account.

Scams specifically

Distinct from volume spam: targeted scams. Common patterns in 2026:

Fake verification offers. "Get NIP-05 verified for free, just paste your nsec here." Never works. Never legitimate. The nsec is the key to your account; asking for it is a scam.

Fake airdrops. "Zap our address 21 sats to receive 10,000 sats back." The sender runs away with your 21 sats. Classic Ponzi; only the earliest "testers" get anything.

Impersonation. Someone using a near-duplicate display name of a famous account sends you a DM asking for help. Check the pubkey before engaging.

Impossible NIP-05 addresses. @primal.net addresses pretending to be from Primal that are not. Check the actual resolved pubkey.

"Your Nostr account will be deleted" phishing. Literally fake; accounts cannot be deleted by anyone other than the key holder.

General rule: anyone who needs something from you on Nostr is almost certainly a scammer. Legitimate people on Nostr are not DMing strangers to ask for money, keys, or verification fees.

Reporting and takedown

Unlike on centralized platforms, reporting on Nostr does not work the same way.

What you can do:

  • Mute the account in your client.
  • Publish a NIP-56 report event (a signed event that says "this pubkey is spam"). Some clients and relays use these as input.
  • Inform the relay operators if the account is abusing a specific relay.
  • Warn other users in public posts.

What you cannot do:

  • File a report with "Nostr customer service." It does not exist.
  • Trigger a network-wide takedown.
  • Get the spammer's account suspended across all relays.

The moderation works through aggregation. Many users muting, many relays filtering, many clients implementing web-of-trust cumulatively silences spammers for most legitimate users. But the protocol does not offer a centralized solution, and the decentralized one is imperfect.

How the spam landscape will evolve

Active work in the ecosystem:

  • Better web-of-trust algorithms. Clients are improving their heuristics, using deeper social-graph signals.
  • Federated spam databases. Relays and clients share spam pubkey lists so a spammer banned on one gets filtered on others.
  • Proof-of-work renaissance. Some projects are exploring more aggressive PoW requirements for anonymous-looking events.
  • AI-assisted filtering. Early experiments in using local AI models to classify spam. Not widespread, promising.
  • Paid-relay market growth. More paid relays means more spam-free read paths for users who subscribe.

Spam on Nostr in 2028 is likely to be a smaller problem than in 2026. The pace depends on implementer effort.

The user's takeaway

Spam is real on Nostr. It is not overwhelming for users with reasonable setups. The practical recipe:

  1. Use a mainstream client with good defaults.
  2. Follow twenty people to activate web-of-trust filtering.
  3. Mute spammers as you encounter them.
  4. Consider a paid relay if you want additional cleanliness.
  5. Never engage with strangers DMing you about crypto giveaways.

Under this recipe, a daily Nostr user sees minimal spam. The rough early days are a real issue; the steady state is manageable.

Get started

Claim your Nostr identity in 2 minutes

  • •Your own @nostr.blog address, verified everywhere
  • •Built-in Lightning wallet for sending and receiving zaps
  • •Full client in one place: feed, notifications, DMs, media, relays

From $2.99/year.Shorter premium names cost more.

Start with nostr.blog→

Frequently asked questions

Why is there spam on Nostr?
Because Nostr is permissionless. Anyone can create an account and post without approval. This is the same property that makes Nostr censorship-resistant, and it is also what lets spammers operate. The balance between openness and spam-cleanliness is managed at the relay and client levels, not protocol-wide.
Can I block spam on Nostr?
Yes, through a combination of client-side mute lists, web-of-trust filters, and choosing relays that spam-filter. With default settings in mainstream clients and a few minutes of tuning, spam becomes a rare annoyance rather than a constant one.
Do mute lists on one client sync to other clients?
If the clients both implement NIP-51 mute lists (most do), yes. Your mute list is a signed event on Nostr, and any client that supports the standard reads it. Muting someone in Damus mutes them in Amethyst if you use both with the same key.
What is web of trust on Nostr?
A spam-filtering approach based on who you follow and who they follow. If a spam account has zero followers that you transitively know, your client can hide it by default. Most mainstream clients enable this filter in some form.
Can I report spam on Nostr?
You can mute or block the account on your client. Some clients and relays also accept report events (NIP-56). There is no central 'spam team' that acts on reports, because there is no center. Your report is a signal to relays and other users, not a takedown request.

Related reading

Advanced and technical

What is a Nostr relay? A plain English guide

Relays are the small, independent servers that hold Nostr posts and forward them. What they do, why the design is unusual, and how to choose.

7 min readAdvanced and technical

Paid Nostr relays: what you get for the money

Paid relays promise spam-free feeds, higher retention, better uptime. What they actually deliver in 2026, which are worth using, when free is fine.

6 min readGetting started

Is Nostr safe? Privacy and security, honestly

What Nostr protects, what it leaks, and the specific threat models it handles well or badly. A frank security assessment in 2026.

7 min readAdvanced and technical

Are Nostr DMs really private? The honest answer

Nostr DMs use encryption but the privacy model has gaps. What NIP-04, NIP-44, and NIP-17 gift wraps protect, and when to use Signal instead.

7 min read