phaolo: The first easier step, however, is to require
real different emails for each new account.
JMich: Define
real emails. It is relatively easy to set up a mail server that sends any {string}.user@host to user@host, so you can have any number of
real mail accounts in seconds. Set up one mail server, have infinite emails.
Gmail lets you use infinite email aliases by adding "+whatever" to your gmail address, which can be a very useful aliasing feature. ie: joeuser@gmail.com can use joeuser+gog@gmail.com for GOG, joeuser+steam@gmail.com for Steam, or any other number of +aliases for whatever purpose, without having to pre-configure anything. Inbound email to these goes into the user's standard inbox as well. Unfortunately, while "+" is a completely valid RFC compliant character to appear in an email address, many email mailing list systems or web forms and other things that parse email addresses are not RFC compliant and as a result these Google Gmail aliases do not work on many websites due to bad programming so if anyone decides to try this out - just a heads up that it may not work at some places. :)
Ultimately, there are many ways for people to have access to infinite numbers of email addresses, but they are not all just used by scammers either. I use the Gmail aliases mentioned above for a multitude of useful things when the given website or whatever doesn't barf due to the "+" in the address. :)
It's not possible to really determine if an email address is valid and can receive mail simply by looking at the address or examining it algorithmically, but websites have solved this problem decades ago by sending confirmation emails with links that must be clicked on to validate that it was received, thus confirming the person owns the email account and it is receiving email. Why GOG doesn't do this is a huge mystery as it's pretty standard stuff. :)