From 1f9988ff9bd905505a81140d1b0144e3cc144057 Mon Sep 17 00:00:00 2001
From: alltheseas <64376233+alltheseas@users.noreply.github.com>
Date: Sat, 7 Mar 2026 08:44:06 -0600
Subject: Update 66.md with defensive measures (#2240)

---
 66.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/66.md b/66.md
index 9b46791..9f06ff5 100644
--- a/66.md
+++ b/66.md
@@ -95,3 +95,9 @@ Example:
   ]
 }
 ```
+
+ ## Risk Mitigation                                                                                                                                                 
+                                                                                                                                                                   
+  - Clients MUST NOT require `30166` events to function. Absence of monitoring data MUST NOT prevent relay connections.
+  - A monitor may publish erroneous `30166` events, either by misconfiguration or malicious intent.
+  - Clients SHOULD NOT trust a single source. Defenses include: web-of-trust filtering, querying multiple monitors, and discarding filter results if they would remove an unreasonable proportion of relays.
-- 
cgit v1.2.3