Yes, we can discuss about this SPAM feature in detail. I do see other people also complaining about this. My only one site was infected so much with this so I moved from q2a to other forum platform. I re-installed q2a site at least 5 time from backup to remove spam. You can imagine how much SPAM it was. Interestingly I dont see that much SPAM on other sites.
Please think about this SPAM protection feature seriously.
One option I can think of now is ....
1. allow registration email from certain domain, like gmail.com, yahoo.com or outlook.com only
2. dont allow registration email from certain domain like protonmail.com, mailinator.com etc
3. remove fb login plugin and come up with social login plugin, add fb, google, twitter, instagram, github etc in it. If there is spam then admin can enable registration only from these social sites.
I will think more on this and will post my more idea about SPAM protection.