Google "ip blacklist database" to see what sort of spam-blocker aid is already available. There are also country-IP databases available where REMOTE_ADDR can be looked up to fetch the country, and then one can allow or deny.
I fixed the vulnerability in the email validation plugin 10 months ago: http://trac.elgg.org/changeset/3731/trunk/mod/uservalidationbyemail/start.php
Yup, my apologies for that, Cash. The only reason this came to my attention is that I was looking at an old 1.5 build. I found that some folks could punch their way through using this technique.
These guys do a great free IP database for determining country of origin
"wget http://software77.net/geo-ip/?DL=1 -O /path/IpToCountry.csv.gz"
1) Wget that file (read the terms as they have some 'non abuse' conditions)
2) Use a mysql infile statement to import it into a table of choice
3) Use code similar to that shown below... This will return a row of data, country of origin
$address_long = sprintf('%u',ip2long($_SERVER['REMOTE_ADDR']));
$sql = "SELECT * FROM country_ips WHERE start <= ".$address_long." AND end >= ".$address_long;
$rows = get_data($sql);
Get this data and then decide on whether or not the user will receive the validation mail. If the user does not receive the mail, an admin will. Customise actions/register.php to achieve this.
I hope this helps.
Paul
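The lookup and routing decision from the post above, as an added example that is not part of the original post or of Elgg's own code. The helper names, the `country` column, the allow-list and the sample rows are assumptions; it applies the same `start <= ip AND end >= ip` test to an in-memory array so it runs without a database (64-bit PHP assumed), and sends the validation mail to an admin whenever the address cannot be parsed or matched.

```php
<?php
// Hypothetical helper: unsigned 32-bit value of an IPv4 address, or null.
function ipv4_to_unsigned(string $ip): ?int {
    // ip2long() returns false for IPv6 and malformed input; without this
    // check sprintf('%u', false) would silently turn into a lookup for 0.
    $long = ip2long($ip);
    return $long === false ? null : (int) sprintf('%u', $long);
}

// Hypothetical helper: same range test as the SQL query in the post.
function lookup_country(array $ranges, string $ip): ?string {
    $n = ipv4_to_unsigned($ip);
    if ($n === null) {
        return null;
    }
    foreach ($ranges as $row) {
        if ($row['start'] <= $n && $row['end'] >= $n) {
            return $row['country'];
        }
    }
    return null; // address is not covered by any imported range
}

// Hypothetical policy: the user gets the validation mail only when the
// country is known and allowed; every other case goes to an admin.
function validation_recipient(array $ranges, array $allowed, string $ip): string {
    $country = lookup_country($ranges, $ip);
    return ($country !== null && in_array($country, $allowed, true)) ? 'user' : 'admin';
}

// Constructed sample rows standing in for the imported country_ips table.
// The ranges are documentation networks; 'AA' and 'ZZ' are placeholder codes.
$country_ips = [
    ['start' => ipv4_to_unsigned('192.0.2.0'),    'end' => ipv4_to_unsigned('192.0.2.255'),    'country' => 'AA'],
    ['start' => ipv4_to_unsigned('198.51.100.0'), 'end' => ipv4_to_unsigned('198.51.100.255'), 'country' => 'ZZ'],
];

// Constructed inputs: allowed country, denied country, unlisted range,
// IPv6 address, and garbage.
$samples = ['192.0.2.10', '198.51.100.7', '203.0.113.5', '2001:db8::1', 'not-an-ip'];
foreach ($samples as $ip) {
    printf("%-14s => %s\n", $ip, validation_recipient($country_ips, ['AA'], $ip));
}
```

Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so every registration would resolve to the same country.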