Oblique to the predictable Slack XMPP decision, but relevant to federation: Mastondon is a facinating federated social network. It addresses the identity/reputation issues without embracing fb-fascism or one-site-to-rule-them-all nonsense.
How it works
Anyone can run a server of Mastodon. Each server hosts individual user accounts, the content they produce, and the content they subscribe to.
Each user account has a globally unique name (e.g. @user@example.com), consisting of the local username (@user), and the domain name of the server it is on (example.com).
Users can follow each other, regardless of where they’re hosted — when a local user follows a user from a different server, the server subscribes to that user’s updates for the first time.
I do host my own mastodon server with a small community, the initial setup is a bit complicated but once you get it going upgrades are nice and easy (each update contains all shell commands necessary outside `git fetch` and `git checkout v{VERSION}`)
Only downside of course is that if you selfhost alone, your federated timeline will be a bit empty, I do recommend either finding a community or starting one to get a bit more activity (Mastodon is essentially geared towards a sort of "community neighborhood" decentralization, where only one in a few hundred or thousand users needs to run a server, on average)
Unfortunately ActivityPub (that powers Mastodon) has a lot of incidental complexity (including RSA signatures, JSON-LD, RDF normalizations to quads etc.)
I'm not sure how battle hardened Mastodon is, obviously they don't have the resources of Twitter or Facebook. Probably easy to DDOS an individual server. However, it might be possible for other nodes to transparently cache updates.
As to spoofing, we've got to move beyond humans memorizing unicode strings or profile pictures as a means of identity validation. Its shambolic enough that twitter users constanly change their display string, obscuring the twitter handle, but even without that problem, how many people send bitcoin/ethereum to @eloon_musk?
People do the same on other platforms. I've been impersonated on a social media platform via a two letter swap.
I don't think it needs a solution, administrators of instances have to solve this, first by asking to offending instance to ban the user, mute the user and if the instance doesn't do anything about repeated abuse, mute the instance.
https://joinmastodon.org/
How it works Anyone can run a server of Mastodon. Each server hosts individual user accounts, the content they produce, and the content they subscribe to.
Each user account has a globally unique name (e.g. @user@example.com), consisting of the local username (@user), and the domain name of the server it is on (example.com).
Users can follow each other, regardless of where they’re hosted — when a local user follows a user from a different server, the server subscribes to that user’s updates for the first time.