Does the email address has a pattern? I faced similar registration attack, but the email address had pattern, I blocked them in code but gave a success response and the attack went away.

Let me guess, protonmail and tutanota?

Could you add some additional check if that domain is used? (Possibly with browser fingerprinting, or other req fingerprinting)

Possibly something even that just wastes a little time and makes them know you're aware of the behaviour.