If it becomes standard, the people that make bots will render it useless. The key is to make your registration process unique, since the chances of a bot maker caring about your specific forum is pretty low
I have a simple suggestion to defeat the bots, based around this concept of making each forum's user registration process in some way unique.
Rickard could code the Members section of the PunBB administrators area to allow Admins to add 1 (or more) custom form field(s) to the user registration page. This custom form field would allow (or require) each site to specify an additional unique registration variable for all forum signups, to supplement username, password and email verification.
The options available in this form could be anything the forum administrator likes. The format of it should also be variable, so that the admin can make it a drop down form, or radio-buttons, or a blank text input form box. Ideally, the php code or form ID for the subsequent form should also make its name unique, based on the form name or a randomly generated value.
Eg on one punBB forum it could be a drop-down form that asks the user at signup time to confirm: 'What's your favourite colour?', and gives them a selection of 'Red/ Green/ Yellow/ Blue'. Another punBB forum might have a drop down form that asks: 'Who is the President of the United States?', and gives them the option of specifying 'George Bush/ Dick Cheney/ Arnold Schwartzenegger'.
Etc, ad infinitum.
If every punBB forum that required signups had a unique question/response requirement like so, bots may have a harder time reaching into multiple punBB sites.
Is this concept valid?
What I am trying to express is some (built in) way of essentially randomising the punBB login sequence, so that each punBB board has in some way a unique login process.
Actually, a neater solution to this (now that I think about it) could be as simple as having the punBB installer assign a random prefix to either the login.php file or the register.php file, which is unique to each punBB install, so that for example on one site login.php becomes '123login.php', whereas on another site it is '99bblogin.php'.
That alone would screw the bots up.