While agree with this statement, I think it’s important to remember that to ensure long term decentralization and permissionlessness of the network, spam protection needs to remain at the edge (your own words 
).
App developer should strong be encouraged for RLN membership ownership to be the default/preferred path for users.
Solutions such as RLNaaS, where a project runs a flight of light push nodes that attach RLN Proof to users’ message are an option. But it would weaken the security model and could potentially lead to what email provider are today: a cartel controlling entry to new comers via spam protection mechanisms.