afaik the last attack was not only spam but more like a password-steal-attack. And all of above solutions/proposals would not have helped here. But only blacklisting those adresses where the attack came from. And yes it is inconvenient. But (just as an analogon): would you like to enter a plane where there is no security check at all? [me for sure not] Not that I would like Datenvorratsspeicherung nor any other in-advance-protection-by-prediction. But tthere is a price to pay for security. -- and always remember (at least my knowledge): the more often you use tor the more likely it is you hit an 'official' exit node (run by authorities) and getting noticed...