.

SUPs.md

@@ -62,6 +62,29 @@ Current Nostr implementations reveal users' network locations through direct rel
 3. **Delay Compliance**: Wait specified time plus random jitter
 4. **Padding Operations**: Apply size modifications as instructed
 5. **Multi-Relay Posting**: Post to all specified relays
+6. **Relay Authentication Constraint**: Throwers can only write to relays that do not require authentication (AUTH)
+
+#### Relay Authentication Requirements
+
+**Critical Constraint**: Throwers MUST be able to post events signed by other users without possessing their private keys. This creates a fundamental limitation:
+
+- **Read Capability**: Throwers can monitor any relay (AUTH or non-AUTH) for incoming Superballs
+- **Write Capability**: Throwers can ONLY post to relays that do not require NIP-42 authentication
+- **NIP-65 Compliance**: Throwers must maintain accurate relay lists distinguishing read vs write capabilities
+
+**NIP-65 Relay List Format for Throwers**:
+```json
+{
+  "kind": 10002,
+  "tags": [
+    ["r", "wss://noauth.relay.com"],                    // Read+Write (no AUTH required)
+    ["r", "wss://auth-required.relay.com", "read"],     // Read only (AUTH required)
+    ["r", "wss://write-only.relay.com", "write"]        // Write only (no AUTH required)
+  ]
+}
+```
+
+**Authentication Testing**: Throwers should automatically test relay authentication requirements by attempting anonymous event publication and classify relays accordingly.
 
 ### Rationale