[keyle]

So in terms of 16 requests, that's nothing. Something actually malicious would be thousands.

Either this person is setting up to do something malicious and hasn't even started, or they're more likely studying your sign up process, struggling with it, and have a short memory so they did it many times over 15 days.

The fact is, having an open form on the internet is like having an open invite to come shit in your toilets.

Since this person is within your industry, I'd just poke them and ask. That will most likely make them stop. The fact that they use their own IP address and used a real email address means to me that this person is non-malicious.

Plus point for sending them a report of their own activity, real time as they submit it, to their email address.