I'm current working on this, and published a nostr-access-control library  (https://github.com/neilck/nostr-access-control) as a proof of concept.

As I work through the front-end app through, that library will probably change.

1. When applying for a group membership badge, a user must have all the required admission badges, including  a "not-a-bot badge" issued by an web app running Captcha.
2 When using a Nostr app, app can promote notes and other content from people who share the same membership badges. 

We fight spam by promoting the relevant content versus trying to surpress the negative content.