You can mitigate this with DNSSEC, CAA records and account pinning. See: https://www.devever.net/~hl/xmpp-incident