Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
It happens to email ALL THE TIME, we just call it something different when it happens to email. Evaluating email for SPAM potential is an every-day common place occurrence, and for at least the past 10 years, a factor called ‘domain reputation’ is part of the equation. Entire domains get spam blacklisted because they refuse to enforce rules for their users. The end result is that some domains completely refuse to accept mail from some other domains.
Blacklisting an entire domain can and does happen daily. It just doesn’t have the same triggering ring as the word “defederation” has.