Cryptography doesn’t prove the sender expended energy. You can require the message be encrypted but the sender could’ve sent 100M emails. If your service requires PoW then it prevents a denial of service. You can also require requests to be collateralized with bitcoin so that the attacker needs to think twice. If they send to a honeypot they lost their corn and got nothing in return. Forcing the messages to touch the chain severely restricts the volume of requests and also leaves a public audit trail. Again I’m just speculating here and honestly don’t have a clue what he’s trying to do but there might be something there.