It is a difficult trade off.
Some of my policy is as follows:
- Block unique IP's for months (permanently?), delete member and spam posts. That implies that internet cafe's may have their Ip's blocked. I think my forum is, in 99% of the cases, not aimed at people using the internet from those cafes.
- Delete member if it is clear that (s)he breaks my forum rules in his/hers signature. Deleting a member is the easier part. Four clicks with the mouse. It takes much longer time to sign up again.
- Delete post and member without argument if it is clear that the member has not read the forum rules. The member has to sign up again and (s)he will be deleted a second and third time if it is clear that (s)he does not still read the forum rules.
- Block some Ip ranges for a time. Try to be as unpredictable as possible when I reopen an Ip (range). It is possible to randomize reopening of IP ranges. This is done in seconds (but still my time) when I edit .htaccess. I simply make the line a comment line using #. Just as fast to uncomment the IP range, a second, third and ... time. But still my time.
- Worst case scenario when you go on holiday
deny from 0.0.0.0/1
Then you block (nearly) the world and can go to another planet or make an extranet for your customers :-)
P.S. I note that some of the smarter spammers come from GoDaddy. E.g.
Location: Japan.
Name when I look the site up on DnSstuff, American.
Email: Quite another place.