With the assumption that a real person just uses one PoW request for a message and attackers are creating dozens of messages which requires dozens of PoW requests?
Discussion
But creating POW that equals a users mobile device on cloud is essentially free
No, cloud computing i's not free.
And the spammer, by definition, has to send thousands of messages continually.
Growing minimum PoW with other heuristics (similar messages, new npubs acting similarly, etc) could make spam more expensive.
At least, it's worth trying it, imo.
Of course it’s not technically “free”, but if it only needs to compete with mobile devices (even hundreds or thousands) it’s practically free.
A modern MacBook Air is 1.6 million times faster at sha256 than an iPhone is (citation needed, this is GPT knowledge). The gap is so massive
But you are always supposing users would be constraint to mobile CPU, and that's not entirely true:
NIP-13 allows for Delegated Proof of Work:
https://nips.nostr.com/13#delegated-proof-of-work
We all can play the same game of spammers 😉