I disagree. If you carefully design the protocol to be a web-of-trust then you can not miss stuff and not get spam. But it has to be fundamental to the architecture, not tacked on later.

The "trade-off" is no global view or state. But that is fundamentally impossible at some scale anyway so not really a trade-off.