I sincerely believe we should nuke all DM and encrypted stuff from Nostr.

But if you want a more charitable answer then yes, it doesn't work with whitelisted relays.

It could work though if you match the receiver pubkey, which is available in the giftwrap, and accept any messages to that recipient.

You could also require PoW from the sender to decrease spam.

But ultimately the best solution is to have two pubkeys used only for encryption, one for the external giftwrap, another for the internal encrypted message, then you share the external key with the relays you're listening for DMs and then they can decrypt the giftwrap and see who is messaging you, then accept the message if it's a friend or WoT, or reject it if it's spam, or even send a message back (not from your key, just a random message) saying that in order to send you a message they must pay 10 satoshis (or something like that).

This is not a super hard fix, but very annoying because you have to announce these two extra public keys and share the corresponding private keys around, syncing them across devices -- but we'll ultimately have to do that anyway in order to be able to use bunkers, frost bunkers, musig2 bunkers, SGX bunkers, and also because it is a good idea to decouple encryption from identity.