How about implementing an array of client-server session keys to threads tied to a set of keys site-wide? Generate the key on the server, mirror them into the client's webstorage or indexeddb, run a script that forces the client keys to always match the server's keys with every load, update & post and hitch the keys, user agent & thread to the ip in the database when they get banned.
When the thread passes a certain threshold of deleted posts to ip ratio, it runs an additional check for every new post against the ban record's user agent and session keys to make sure it's not the spammer and extend the posting cooldown for sessions racking up reports and ips within the thread.
Taking it further, maybe store a ban flag in all types of clientside storage including pages themselves and have a looping background script that refreshes the flags and makes sure the user can't just delete them clean one way or another.
None of these will shut down a spammer for good but at the very least it'd make it a much bigger pain in the ass for them to keep at it.