Does the email address has a pattern? I faced similar registration attack, but the email address had pattern, I blocked them in code but gave a success response and the attack went away.