Yes. Cheap–identity systems such as Session and SimpleX are trivially vulnerable to this, and your only defence is to not give out your address as they are unguessable. If you have someone's address, you can spam them, and they can't stop it except by deleting the app or resetting to a new address and losing all their contacts.

SimpleX does better than Session because the address used to add new contacts is different from the address used with any existing contact and is independently revocable. But if that address is out there, you can receive a full queue of spam contacts before you next open the SimpleX app.

Both Session and SimpleX are trivially vulnerable to storage DoS as well.