You could use JavaScript cryptocurrency mining instead. User clicks a button to activate miner script, it runs in their browser for 10-30 seconds or whatever, then reports back to your server that they are good to go.
Don't know how the blacklist works. As someone who blocks javascript by default, if I were asked to enable this to submit a login, I would probably be okay doing so if I could be confident a script was only mining and not fingerprinting me. (Big if)
There are torrent sites that do this already (not as spam prevention, just to generate money). It's pretty annoying but I guess for spam prevention you could make the length of time shorter.
I'm against automatically mining on people's computers, but I think it's interesting as an opt-in: click this button to run the miner for a fixed amount of time in return for {posting a comment, attempting a login, etc}.
Since I'm also generally against javascript, ideally the code would open-source and it could be verified that it doesn't do anything malicious...
