The receiver relay gets the gift wrap encrypted to the receiver while authed as the sender (some clients will not auth in this case because it breaks privacy).
The sender relay gets the gift wrap encrypted to the sender while authed as the sender.
Discussion
lets assume my inbox is jellyfish relay which is paid. and im subscribed there.
you want to send me a dm. if the relay only checks the p tag, anybody can send me dms and spam me.
but if check the sender is subscribed as well, it can control who is sending the dm.
my last idea (which i think you believe hurts the privacy): make sure the publisher is whitelisted using auth.
if people trust that the relay won't log the information, it won't hurt the privacy.
I think that works. You can build a WoT of your members. Then when a message is received, you request an AUTH and you check if the authed key has a good enough WoT for the p-tag.
If the sender doesn't have enough WoT, you could place it on a wait-list and ask them to pay a lightning invoice to temporarily buy WoT. You could use the NOTIFY nip to make it visible to the user.
Then you can delete that info once the transaction is done.