I would say either with spam mass estimation (http://infolab.stanford.edu/~zoltan/publications/gyongyi2006link-tr.pdf) or anti-trust rank (http://i.stanford.edu/~kvijay/krishnan-raj-airweb06.pdf)

Both are pagerank-like algos but here having a high-value means bad.

However, these black-lists aren't the solution imo, because updating them costs more than creating a new npub for the attacker.

Conversely, white-lists are the way to go, because the cost is on the attacker (work hard to be included in such lists).