Over the past hour and a half, someone has created hundreds of garbage accounts on my site. The reason it came to my attention was emails from SES reporting bounces on welcome emails sent out to them.
As Alchemist Camp is relatively small, my spam prevention efforts have been modest. I'm using a full-fledged web framework with security basics like CSRF tokens for forms. Additionally, I keep a ban list for certain email addresses, and also ban IP addresses associated with significant bad behavior.
I have some ideas, but I'd like to hear what others who have been through this do. What are the next steps you would take?