dredmorbius an hour ago

Perhaps, but in both cases, I think that the principal problem is attempted control at the wrong portal.

Rather than individuals or devices, residential / mobile / business service providers should be able to vouch for personal traffic and be in a position to validate patterns of use without undue profiling of specific activity. That is, just looking at the encrypted traffic patterns (rather than MITMing SSL/TLS or other secured comms) should show usage that's typical vs. atypical / malicious.

Traditionally, service providers of all stripes (email, ISPs, Web, etc.) seem to have focused far more on ingress security than egress security, or potentially malicious traffic from within their own networks. That's got to change; it's ultimately a hygiene question.

For residential and mobile Internet, accounts are managed at either the household or individual level, and it should be possible to provide attestation and reputation management (as well as, perhaps, broad-based subscription access to compensated content) at those levels.

For commercial access things get more complicated, particularly where a location might provide public Internet access (e.g., public WiFi), or have a mix of human and system-generated traffic at an office, commercial, or industrial site. Still, there should be both well-established patterns of use and indications of anomalous or malicious traffic possible here.

Another option for smaller human-scale networks (e.g., Fediverse / Mastodon / PeerTube / Pixelfed / Lemmy / WriteAs networks and the like) is a mix of harder authentication (Yubikey or NFC-based wearable authenticators, perhaps) as well as a more manageable human-scale moderation (1:1,000 or 1:10,000 scales far better than 1:1 million or 1:1 billion services), allowing for both oversight and keeping the opportunities / benefits of malicious use limited.

The comment I'd originally responded to had me thinking of under-delivering federated systems such as Gemini (the lightweight Web protocol, not Google's AI) or Diaspora* or countless web boards and wikis which ended up overrun by spam and abuse. Simply saying that you're going to re-invent things at small scale in no way means you'll succeed. The ecosystem's changed, the pathogens are far more numerous and capable. Modern systems and networks (social or otherwise) must face those facts head on, and not ignore them or pretend they don't exist.

I think we're going to end up with some form of cost-based (though not necessarily financialised) reputation management systems. I'd very much like to see those not being terribly invasive of privacy, or putting extreme barriers to those with limited means or technical knowledge. It's a tough problem all the same.