Out of the box, throttle new account registrations

[Yoric]

A simple measure could decrease the ability for malicious users to DDoS federation: throttling new account registrations.

Example behaviour

1. Add a configuration to homeserver.yaml, e.g. max_registrations_per_minute, defaulting to 1.
2. When the total number of registrations during e.g. the last minute is too large, send a "try again later" message.
3. Servers that wish to offer public registrations to numerous users can of course customize this value or make it infinite.

This may require:

1. A new error code M_SERVER_BUSY;
2. Adapting the UX of clients to make the problem explicit.

[babolivier]

Synapse already has rate-limiting on registrations (see https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml#L766-L805) though it's ratelimiting on the user's IP address. If I understand it correctly your suggestion would be to have something like this but global to the server; which sounds like an interesting thing to have but we probably want to think better about the design and defaults of this feature so that it's not confusing for Synapse admins.

On the error code and client behaviours, you probably want to open a separate issue on https://github.com/matrix-org/matrix-doc since this is more of a spec thing than a backend one.

[Yoric]

If I understand it correctly your suggestion would be to have something like this but global to the server; which sounds like an interesting thing to have but we probably want to think better about the design and defaults of this feature so that it's not confusing for Synapse admins.

You understand correctly and I agree that it needs more thinking.

On the error code and client behaviours, you probably want to open a separate issue on https://github.com/matrix-org/matrix-doc since this is more of a spec thing than a backend one.

Was lazy. Will do :)

[babolivier]

Thanks! :)