I used to have this spam signup problem on my personal forum too but it has slowed down quite a bit. Now I only get one or two or max (like today) 5 a day. Diligently deleting spam accounts and adding to block lists seems to do the trick. I have “Staff must approve all new user accounts before they are allowed to access the site.” enabled which puts the new users in the handy new review queue so it takes just a moment to jam through them. Adding a custom question helps too in order to identify the obvious spammers.
On my work forum I use wp-discourse wordpress plugin and SSO, and have a very long signup form. We very rarely get spam signups that way.
You should also just remember that in such a case your own mail server can end up on a blacklist if too much form spam is distributed.
If the bot uses real addresses for registration, this can happen very quickly.
I have solved this by using an external nginx as a proxy for my discourse docker instance and monitoring the log file with fail2ban, i. e.:
This example means if anybody tries 3 times a registration within an hour from the same IP, then this IP is blocked for 12 hours.
Adjust this values for your purpose and system environment!