Perhaps a temp solution to the massive spam attacks hitting the #Fediverse can be quite simple:
For #Mastodon instances, they can add a hcaptcha on signup just before the email confirm: https://docs.joinmastodon.org/admin/config/#hcaptcha_site_key
So far this worked for us