Is it true that there is no rate limiting on the send private message functionality? I believe the internal name for the private message API is CreateConversationForm.
While possible, its not generally an exposed area because we have the ability to restrict whom can and receive messages, which by default has to be a friend. So in most cases that hurdle has to be overcome first.
The second issue is that they are private messages, and since they are private the only person subject to reviewing the abuse as valid or not outside of automation are those in the conversation, otherwise they aren't so private anymore.
We customized the setting so the option is all by default. We did this because we saw two users having to be a friends first as the hurdle/barrier to chatting.
We had feedback that our users didn't know why they couldn't PM each other. The feedback was that the PM recipient search for users field was broken because it didn't list the person they want to chat to.
I see in v10 on this community that there has been an update in this area and the recipient field now has 'cannot message'...
...but this still doesn't say why. Something to clue the user into the fact that you need to be friends first and a link to do that needs to be available.
Until that happens I am relutant to go back to the default as the confusion will surely return.
So for now we have the rate limit issue. And you don't need to have customized the default option for it to be a problem - you just need a community where a few users have have changed the option and then exposed themselves to spamming. Hence I think this needs to be look at.
I understand your concern, however even changing that does not address the latter, and probably more important issue of privacy. There is still an expectation that these messages are private to the participants, so it would be inappropriate to moderate them outside of that circle(in which case they got the message anyway). That would leave automation, and then you have potential non-delivered messages that may not have been abuse, but no way to know without violating privacy.
There are options of course, all require platform enhancements. I would recommend posting it in our ideas are if you have not done so already: community.telligent.com/.../