I have a three step registration process on my site and the form includes a captcha and checks that the referral from step1 to step2 etc has come from within the site and that all form fields have been filled in correctly.

Without being any expert on spamming, that makes me hopeful that the registration spam that I get is at least human-generated rather than bot, but more than happy to be corrected if I'm being naive or over-confident about the security measures I 'd taken.

The bulk of the spam registrations are @guide3.net web.de and gmail email addresses and wondered if anyone had any successful solutions for preventing spam registration based on email address or IP that wouldn't make it a pain for the honest registrants.

Many thanks in advance.