Random unsolicited thought (disclaimer: I haven't been watching or participating in the spam response at all):
One of the main differences between social/activitypub spam and email spam is that contact lists are largely open, and programmable querying is possible. What does that mean?
If you see a new follow request or mention, you can check to see if anyone else you know follows that person. If not, the spam propensity is much higher. Email servers can't do this [without centralization].