You know I'm a committed user of the fediverse; perhaps this post will surprise you. Still, at some point the truth has to be told, before lying leads to a catastrophe. I think I've been present in the fediverse (sometimes hosting a pod of some software and sometimes not) since
Indeed. Making sharedinbox a requirement would mean that a server could simply refuse to do it the other way and then be immune from that attack. But because it is optional, all servers must then be vulnerable to this attack.
It can be mitigated by batching, and delivering, say, only 5 copies to one server at a time, but that would have to be very carefully crafted to not cause queue backup for other messages.
The ultimate workaround is queueless delivery, but there will still always be some penalty of having to keep revisiting a particular server.
A malicious actor can also deliberately respond slowly to deliveries, forcing the sending server to keep many sockets open.
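
The batching mitigation discussed above, sketched as an added example (not part of the original comments and not taken from any fediverse server's code): recipients are collapsed to one delivery per `sharedInbox` where one is advertised, and a per-host in-flight cap keeps a server that needs many copies, or that answers slowly, from holding more than five sockets or stalling deliveries to other hosts. The names `plan_targets` and `HostFairQueue` and the `*.example` hosts are assumptions made for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit

def plan_targets(recipients):
    """One URL per distinct sharedInbox; personal inbox only when none is advertised."""
    targets = []
    for actor in recipients:
        url = actor.get("sharedInbox") or actor["inbox"]
        if url not in targets:
            targets.append(url)
    return targets

class HostFairQueue:
    """Per-host FIFO with an in-flight cap, so a saturated host never blocks the others."""
    def __init__(self, max_per_host=5):  # "say only 5 copies to one server at a time"
        self.max_per_host = max_per_host
        self.pending = defaultdict(deque)  # host -> inbox URLs waiting to be sent
        self.in_flight = defaultdict(int)  # host -> deliveries (sockets) currently open
        self.order = []                    # hosts in first-seen order, for round-robin

    def enqueue(self, url):
        host = urlsplit(url).hostname
        if host not in self.pending:
            self.order.append(host)
        self.pending[host].append(url)

    def take_ready(self):
        """Pop every delivery that may start now, visiting hosts in turn."""
        ready, progressed = [], True
        while progressed:
            progressed = False
            for host in self.order:
                if self.pending[host] and self.in_flight[host] < self.max_per_host:
                    ready.append(self.pending[host].popleft())
                    self.in_flight[host] += 1
                    progressed = True
        return ready

    def finished(self, url):
        """Call on success, failure or timeout; frees one slot for that host."""
        self.in_flight[urlsplit(url).hostname] -= 1

def constructed_recipients():
    """Constructed sample: 8 actors without sharedInbox, 3 sharing one, 1 on a third host."""
    solo = [{"inbox": f"https://a.example/users/u{i}/inbox"} for i in range(8)]
    shared = [{"inbox": f"https://b.example/users/u{i}/inbox",
               "sharedInbox": "https://b.example/inbox"} for i in range(3)]
    return solo + shared + [{"inbox": "https://c.example/users/x/inbox"}]
```

The cap only bounds open sockets if every request also carries a total deadline, so that `finished` is eventually called for a peer that never completes its response.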