It's been a LONG time since I've been to the YAF forums - but we're due for an upgrade, and have had an old problem rear it's head again.
In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?
I would hope it would be a simple feature, if it doesn't exist - and if not, am willing to put some time into it although I'm nowhere near the seasoned .NET developer that this team already has - but it's worth it to me to contribute where I can if this feature can be added. Currently, I'm being hit with almost 100 spam registrations a day. They're getting around the new-user security and have the ability to post in forums that their accounts have not been approved for. We've audited our security and logs and can't find anywhere where an admin is logging in after the account is created and approving them for "regular membership".
Currently, they register and have access to only one forum for new members - from there, we would "approve" an account that allows post access to all other forums on the site. Somehow, they're getting registered and approved for full membership without interaction from our admins or moderators, and access logs verify this. I'm not sure what analysis we can provide to find out where the weakness is. Either way, we need to find a way to stop them at the gate, and even reCaptcha isn't slowing them down at all anymore...
If you can't find it using the forum search, try my signature link -- searches this site using Google: Google is my Friend