Can't we implement on relay level spam protection to filter content at least based on keywords? I know it's not ideal but part of spam could be rejected before it touch database.
Discussion
BTW, I'm on it now. Except spam protection I'm also working on other security layers. Key thing will be to keep this in balance with still good relay performance. Definitely EPS only for checking events end rejecting them if malicious it's much higher than for processing valid events through all step until it touches DB.