@codeberg If they use the same disposable mail address multiple times, maybe restricting such addresses to be used no more than once (or twice) per day (in the hope "creating new ones" is an effort they won't make too often)? Or do that with the combination of the address and TOR? IDK, but disabling both completely might harm other "legit uses". And no, I won't mention Captchas (unless you count "hidden input fields" which, when filled, tell you it's a bot).
A quick hack that we once employed, is to put a delay in delivering mail (to certain domains).
We mostly did that to spread the load,though. But it helped a lot when bots had to wait 1 to 20 hours before receiving the confirmation emails. Needs to be clearly communicated, though.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!