That message is very misleading. I had to look at the code to figure out what’s actually happening.
It’s trying to say that the
newuser_spam_host_threshold site setting kicked in, which prevents a post from being posted if it contains a link to a host that the user has linked to too many times recently. It doesn’t block a user, it just blocks the one post. I’ll improve the wording of that message.
The user was trust level 1 by the time they got flagged, so the
num_flags_to_block_new_user auto-blocking code couldn’t block them. I think users at trust level 1 should still be blocked from getting so many spam flags. It’s easy to get to trust level 1, especially if you know what the requirements are.