michaelper22 is right - the CMS I used before had a blacklist system, but this is fundamentally reactive - you have to have been visited by a bot before you know that you need to blacklist it. The domains changed too quickly for me ever to get spambot registration under control.
My system is working at the moment (see above). I had about 10 spam registrations in two days before I put it in place: I've had none since. Of course, if this system were widely used, then it would be worth the while of the bot-writers to code for it, so it has a limited shelf life as it stands, but (for a change!) I find myself one step ahead of the bots.
There are ways around rewritten bots. At the moment, anything non-blank will convince the registration form that a registration is real - something more specific could be put in there (err, like a sum, I guess?! but that might have overtaxed my limited PHP ability...). Or the name of the additional input could be changed, though this name is readable in the source by a more intelligent bot, I guess.
The verification is hidden server-side in the PHP (check page source before and after failed registration), so the best solution is probably to make the verification customisable.
Another option would be to change the name of the registration PHP file, so it wouldn't be where a bot is programmed to look for it.
However, at least until the widespread copying of my "hack", I can rest in the knowledge that I'm all right, Jack!