high profile spammers will emulate enough of the browser to render any measure based on browser anomaly detection worthless
Based on actual experience of fighting spammers, that isn't the case. Like a lot of people new to spam fighting you're making assumptions about the adversaries that aren't valid.
There are many different types of spammers and attackers.
Some will be stopped by the simplest protection mechanisms.
Some will be indistinguishable from real humans, and you won’t be able to stop them without crippling your services for your real users.
But those are the two extremes. The real problem is the ones between those extremes.
Every intentional stumbling block you put in the path to try and stop those in the middle might also have a negative impact on your real users. The real problem is that the most troublesome attackers will learn and adapt to whatever stumbling blocks you put in the path. So, how many of your own toes are you willing to sacrifice with your foot guns in the name of stopping the attackers?
Very few, but that's OK. Good spam fighters don't have to sacrifice many or really any toes to stop nearly all spam. You seem to be assuming a linear relationship between effort and false positives, but that would be a very ineffective spam fighting team relative to the ones I've worked on. In practice you can have nearly no false positives combined with nearly no false negatives.
This isn't easy and many firms fail at it, but you it can be done and we routinely did it.
Based on actual experience of fighting spammers, that isn't the case. Like a lot of people new to spam fighting you're making assumptions about the adversaries that aren't valid.