This is a good idea, actually -- make it impossible to distinguish a banned request from a successful request. At least that could delay the discovery period, as would randomizing the request limit.
I've wondered if a web server or proxy in something like Erlang would be ideal there, where there is little server-side penalty in dragging requests out progressively longer.
With the lightweight processes, the cost per should be very, very low, and basically make it easier to Turing tarpit the scammers.
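A sketch of the three ideas in the comment above (look-alike replies for banned clients, a randomized request limit, progressively longer holds), added here as an example that is not part of the original comment. It uses Python asyncio coroutines as a stand-in for Erlang's lightweight processes; the `Tarpit` class, its parameters and the decoy body are hypothetical names chosen for illustration.

```python
import asyncio
import random


class Tarpit:
    """Per-client limiter: secret random threshold, look-alike replies, growing delay."""

    def __init__(self, lo=20, hi=40, base=0.5, factor=1.5, cap=30.0, rng=None):
        self.lo, self.hi = lo, hi              # range the per-client limit is drawn from
        self.base, self.factor, self.cap = base, factor, cap
        self.rng = rng or random.Random()
        self.seen = {}                         # client -> requests so far
        self.limit = {}                        # client -> threshold, drawn once per client

    def decide(self, client):
        """Return (banned, delay_seconds) for this client's next request."""
        n = self.seen[client] = self.seen.get(client, 0) + 1
        if client not in self.limit:
            # A different limit per client makes the cut-off harder to probe.
            self.limit[client] = self.rng.randint(self.lo, self.hi)
        over = n - self.limit[client]
        if over <= 0:
            return False, 0.0
        # Each request past the limit is held longer, up to a ceiling.
        return True, min(self.cap, self.base * self.factor ** (over - 1))

    async def handle(self, client, real_handler,
                     decoy=lambda: {"items": []}, sleep=asyncio.sleep):
        """Serve the request; banned clients get the same status and body shape."""
        banned, delay = self.decide(client)
        if not banned:
            return 200, real_handler()
        await sleep(delay)     # a parked coroutine holds no thread while it waits
        return 200, decoy()    # no 403/429, so the ban is not announced


async def demo():
    """Constructed input: one client sends 8 requests against a limit of 3 to 5."""
    held = []

    async def fake_sleep(seconds):   # record delays instead of really waiting
        held.append(seconds)

    pit = Tarpit(lo=3, hi=5, rng=random.Random(0))
    replies = [await pit.handle("client-a", lambda: {"items": [1, 2]}, sleep=fake_sleep)
               for _ in range(8)]
    return replies, held


if __name__ == "__main__":
    print(asyncio.run(demo()))
```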