How is your institution dealing with the problem of spammers finding Canvas Catalog sites, self-registering and then self-enrolling in free open courses for the sole purpose of posting Spam messages.  Originally, they were simply creating spam ePortfolios, so we had Instructure disable that functionality entirely.  Then they moved on to using anything inside the free courses to post their spam — discussion boards, messages to other students, and even conference descriptions.  We’ve had to essentially disable ALL forms of student collaboration or discussion in our Canvas Catalog instance.

So far, the official solution from Instructure seems to be to disable self-registration, but does that mean canceling our contracts for Canvas Catalog?  The primary business purpose of Canvas Catalog *is* to enable self-registration.  It is essentially a pretty, public-facing, front-door to our LMS, and the best solution from Instructure so far has been to close the door.  

How are other schools handling this situation?