Yes, requiring auth is a relays decision. I just don't feel comfortable it becoming the norm
And your right about most clients being setup in a "dumb relay list" model where they make the same requests to all relays even if those relays indicate they require auth
I'm slowly trying to fix this in noStrudel. but moving away from a "relay list" and figuring out how the app should retry requests is difficult