While the behavior has been documented, perhaps new mitigations might still be useful.
One way to reduce the impact would be to implement identity key rotation: "Another use case for identity key change"
Another might be that, unless a new unknown account has previously gone through a personal invite link challenge (which I assume the local client could track in some way), any direct message from them is immediately and silently auto-deleted if some new “Established contacts only” option was picked.
I like the suggestion.