Replies (2)

JOE2o 1 week ago
Also security theatre though, best avoided. A false sense of security is always worse than just being on your guard all the time. First you have to have some notification for Person B if the most recent message seen by Person A (at the time that person A was composing) isn't seen (yet) in the history of Person B, and these notifications will be flooded with false positives. (If you don't have a notification then the gaslighting attack, which could easily be real-time in nature, goes through.) I'd imagine most people would hate it. Second, the attacker just sends an emoji immediately after the gaslit message and done. Person A's client only does this auto-tag for a new message, but by the time Person A is composing this new message the gaslit one has been buried under a clean one. So the auto-reply checks out. And then if you start going down the multiple past messages array or Merkle route paths, you're basically attempting to recreate Marmot/MLS from the ground up. Unless you meant some other way, not background-replying to the most recently seen message as I understood it there?
Multiple simple things have been suggested already to fix this but in the end no one saw it as that important for users. But it can be super simple because users just need to know that one other user is gaslighting everyone and kick him out. Tagging all IDs at least once in the conversation on new DMs can make a complete record of what the user has seen. Bloom filters of messages in the past month/week can also help and fully solve it. It's not just theater. After all, it is possible to apply the same gaslighting tactics in every single nip in nostr. The simple fact that we can create content in the past can be used to gaslight everyone. They don't need the DM spec for it.
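
The two checks discussed in the replies above, side by side, as an added example that is not part of either reply or of any Nostr spec: it compares the latest-message tag with a Bloom filter of seen message IDs on the buried-message case. The filter sizes, function names and message histories are assumptions constructed for illustration.

```python
import hashlib

class SeenFilter:
    """Bloom filter over the message IDs one participant has seen.
    bits/hashes are assumed values, not taken from any spec."""
    def __init__(self, bits=2048, hashes=4):
        self.bits, self.hashes, self.field = bits, hashes, 0

    def _positions(self, msg_id):
        # Derive `hashes` bit positions from salted SHA-256 digests.
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{msg_id}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def add(self, msg_id):
        for p in self._positions(msg_id):
            self.field |= 1 << p

    def __contains__(self, msg_id):
        return all((self.field >> p) & 1 for p in self._positions(msg_id))

def filter_of(history):
    """Build the filter a client would attach to its next message."""
    f = SeenFilter()
    for msg_id in history:
        f.add(msg_id)
    return f

def latest_tag_ok(sender_history, receiver_history):
    """Latest-message tag: passes if the receiver has the sender's newest ID."""
    return sender_history[-1] in set(receiver_history)

def unseen_by_peer(own_history, peer_filter):
    """IDs we hold that the peer's filter definitely lacks.
    Bloom filters have no false negatives, so every hit here is real."""
    return [m for m in own_history if m not in peer_filter]

# Constructed histories: "gaslit" reached only A, then an emoji reached everyone.
A_HISTORY = ["m1", "m2", "gaslit", "emoji"]
B_HISTORY = ["m1", "m2", "emoji"]

if __name__ == "__main__":
    print("latest-tag check passes:", latest_tag_ok(A_HISTORY, B_HISTORY))
    print("A holds, B never saw:", unseen_by_peer(A_HISTORY, filter_of(B_HISTORY)))
```

A filter false positive can hide a divergent message but never invents one, so the filter size has to be chosen against the expected number of messages in the window. Each side only learns about messages it holds that the peer lacks, which is why both participants need to publish a filter.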