yes an intentional spam attack is when one entity is respending funds as soon as it confirms..
there is no logical reason to respend so fast.

this kind of thing could be mitigated by having transactions have a 1-6 block maturity after confirm. instead of using 'economics' to cost people out of utility.

that way the code protection of spamming harms less innocent people while actually reducing the malicious parties.
but hey the devs decided to do what banks do best. charge people more rather then have proper safeguards for protection. (they are doing the same stupid economic mindset in their LN project too.. avoiding using real code protections and instead letting economic penalties dissuade malice)