Security and privacy
Thanks for your ideas, and refernce to MDL-39503.
What I really meant to say in my previous post is that in Site Administration|Users|Accounts|Bulk Actions, there should be a filter for "Users that are not in any course after xx days"
Once again, what I (and others) am finding is that with self-enrollment features (even Captcha), these (sophisticated ) spamming systems are able to create users. In my Moodle, every course requires an enrollment key, so these spammers have not figured out how to actually get into a course. Moodle doesn't provide any way to easily delete "students not in any course".
Exact same situation here. Lots of email self-registration fake accounts but no enrollments because of enrollment keys. Having another filter for those accounts would be great. I've up-voted MDL-19190.