Update: After detailed discussion, it seems that this setting is working as currently coded - it only checks emails against a list after an account is deleted. As this does not help when a spammer makes many accounts immediately before spamming the site, this should be updated to check emails against all recent registrations and put users into approval queue if the similarity is too high.
Working to update spam settings after a recent attack at Stonehearth. While cleaning up the damage, we found that someone had made multiple accounts, all with suspiciously similar email addresses. Looking closer, we realized that all the emails are identical, at least as far as Gmail is concerned - but it seems Discourse treated them as different emails. From reading about Levenshtein distance on Google, it seems to be a measurement of string similarity. With a default value of 2, I would have assumed these accounts would have been caught, as they only moved the period.
Emails in question:
email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org
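
The check proposed in the update, sketched as an added example (not part of the original post and not Discourse's code): a new signup is compared against recent registrations after collapsing Gmail's dot variants, then flagged for the approval queue if the Levenshtein distance is within the threshold. The function names, the `RECENT` list and the sample addresses are constructed for illustration.

```ruby
# Added example, not Discourse code. All names below are hypothetical.
GMAIL_DOMAINS = %w[gmail.com googlemail.com].freeze

# Collapse an address to the mailbox the provider actually delivers to.
# Gmail ignores periods in the local part, so they are removed there only.
def canonical_email(address)
  local, domain = address.strip.downcase.split("@", 2)
  return address.strip.downcase if domain.nil?
  local = local.delete(".") if GMAIL_DOMAINS.include?(domain)
  "#{local}@#{domain}"
end

# Two-row dynamic-programming edit distance (insert, delete, substitute).
def levenshtein(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    curr = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      curr << [prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = curr
  end
  prev.last
end

# Recent registrations that the new signup is too close to.
def similar_recent_signups(new_email, recent_emails, max_distance = 2)
  candidate = canonical_email(new_email)
  recent_emails.select do |seen|
    levenshtein(candidate, canonical_email(seen)) <= max_distance
  end
end

# True when the signup should go to the approval queue.
def needs_approval?(new_email, recent_emails, max_distance = 2)
  !similar_recent_signups(new_email, recent_emails, max_distance).empty?
end

# Constructed sample data (not the addresses from the post).
RECENT = %w[jane.doe.test@gmail.com someone.else@example.net].freeze
```

Comparing the raw strings alone misses this case: each extra or moved period costs edits, so a handful of dot changes exceeds a threshold of 2 even though the mailbox is the same.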