You can still DOS free-of-charge in the stage of providing the outputs. You can't identify the signers of the inputs to know who to charge a fee until the last stage where all inputs need to be signed to the transaction.
By definition the blind signing of the outputs has to be uncorrelated with the inputs.
I don't claim to understand this perfectly -- but does this part of the whitepaper contradict you here?
[snip]
To defend against various attacks, DarkSend implements a collateral system. A transaction for
0.1DRK is made out to the payment node to ensure proper usage of the system.
This
transaction is separate from the funds added to the DarkSend pool. If a user submits an input
but refuses to sign or leaves
at any stage, the payment node will cash the transaction
by signing and broadcasting it. Collateral transactions require multiple signatures to complete
from more than one payment node.
[/snip]
By definition if anyone can correlate who didn't sign an output to the one who provided an input, then the anonymity is broken.
So the only way the penalty fee payment could be uncorrelated from the inputs to the transaction, is to create the penalty payment after providing the inputs. Thus one could DOS at that point and refuse to provide the penalty payment.
Indeed they can prevent DOS if they break the anonymity by correlating your penalty payment to both your input and output.