biggest problem is that most clients don't support NIP-42 so it's almost impossible to screen out leechy DoS attacks by query

and this will continue to be a problem until all the client devs get off their arses and build NIP-42 support, and this is my personal crusade du jour because of the fact that it impedes SO MANY USE CASES