This was actually one of my first thoughts when all this started happening. Surely they'd have some access control mechanism? Meaning DMs signed by anything other than approved npubs would be ignored