Captcha and email actually won't stop thorough trolls
- 1 recognized captcha pic costs as low as 0.1 cent(paid only for successfully recognized images), so u have to introduce something that cannot be solved by presented services like "captchabot" but still hardly solvable by algorithms
example:
http://lmgtfy.com/?q=captcha+bot- 1000 emails cost ~ 1-10$, very poor protection actually but it's better than nothing
also u have to think about such services as:
http://lmgtfy.com/?q=email+for+spamThe last thing I'd recommend to do is a proof of work protection when connection comes from previously not known IP address:
- delegate a client a simple task that takes N seconds to compute - calculate hash that starts from 0x00(N times) where N is hardness of the task
such task should take 10-15 seconds to compute on an average PC
this helps to protect network from abusing by malicious multi-threaded bots as it requires time(sec) to solve the task * N threads of computational time and fast becomes resource inefficient.
for example to attack network with 100 threads you will need 15 * 100 seconds of computational time - a big deal and very resource hungry
+ captcha for each registration
+ new IP for each registration which is not blacklisted, combining with the first requirement of proof of work - good luck to abuse this without investing N amount of money in hardware.
server can verify proof of work blazing fast for millisecond or less and after this is done IP address can be white-listed for a few hours(days)
