@Gargron@grufwub also, with authenticated fetch, shouldn't all ratelimited routes be authenticated by either a user or another instance, and thus can be ratelimited based on that info?
@f0x@grufwub For the most part yes but there's still the case where a spammer creates multiple accounts but from a single IP in which case rate limiting by IP helps slow down the multi-account spam
Gregory's Server
@f0x @grufwub For the most part yes but there's still the case where a spammer creates multiple accounts but from a single IP in which case rate limiting by IP helps slow down the multi-account spam