I'm avoiding banning IP addresses, I'm looking back at my anti spam plugins and adding options, but banning IP addresses isn't a great idea
1) IP addresses do not pin point a user, they in no way identify a particular user (unless they are for some reason stuck on a static IP address)
2) It's not a good idea for your real users... If you ban thousands of IP addresses, there is an increased chance you will ban a non-spammer by mistake
3) By banning IP addresses, you only target those that aren't bots... since most bot users will be savy when it comes to proxy use... they will cycle through IP addresses and not care that you've banned it
Instead, I'm thinking about banning
1) The email address used (this is a hassle for bot users, since they eventually have to go back and bot hotmail/gmail etc again).. unless they use temp emails, which you should ban anyway
2) Banning usernames (this can be a minor hassle for bot users that don't iterate their username list) << but here, you might needlessly fill up a list, making it harder for users to pick a new username
If you do ban IP addresses.. you could make it temporary (so they find it hard to re-attempt at least for a short while, then you avoid ever negatively impacting real users)
When you are talking 1,000's of bots a day... your banned IP addresses list gets large very quickly
That's my opinion, having an email banning option is preferential to an IP address banning option (and since you have the email passed through... you may as well make use of it )
I use to have such a add-on installed on vBulletin. While I love the concept, I can complete a registration in under 5 seconds.
Auto complete fills in my name, e-mail, default settings, and even a generic password I use when I first join a site (if I value the community I change this later). So basically all I need to do is fill in reCAPTCHA and press enter.... ie... 5 seconds to register.
So I've long since stop using these kind of scrips. I do love the concept though... I guess I could change the timer to 3 - 4 seconds or so. Something that even auto complete would not be successful on.
Auto complete fills in my name, e-mail, default settings, and even a generic password I use when I first join a site (if I value the community I change this later). So basically all I need to do is fill in captcha and press enter.... ie... 5 seconds to register.