Well, for one... require approval like I do now. Meaning I have to check off on anyone. Sometimes someone "seems" legit, and still gets through though, but then they just get deleted/banned as soon as they post spam. Also, ban the countries that spam the most, like russia, china, and india. On the Admin control panel, you can go to "Ban List" and setup a hostname trigger. Add things like "*.ru", "*.in", and "*.cn" as bans. I just added .ru yesterday, and it's blocked 2600 hits already (mostly just repeats from the same few IPs, but still.)
I'm thinking about a comprehensive list of IPs from each country that I could ban at the apache level, and other people could easily use the same ban list if they wanted. I may put together something like that. For now, as mentioned above, I just added http authentication through an ugly hack. It interrupts the middle of the registration with a login prompt from the browser. I haven't gotten any new member signups since, so I'm curious to see if it works long term. If it does, I'll show others how to do it.