This is a good idea, actually -- make it impossible to distinguish a banned request from a succesful request. At least that could delay the discovery period, as would randomizing the request limit.
I've wondered if a web server or proxy in something like Erlang would be ideal there, where there is little server-side penalty in dragging requests out progressively longer.
With the lightweight processes, the cost per should be very, very low, and basically make it easier to Turing tarpit the scammers.