This evidence is mostly meaningless unless you can be trusted to provide truthful information, in which case you could just say "auto-generated e-mail addresses" and "same AWS subnet" instead of posting actual e-mail addresses and IPs. Or post them hashed. Or ask a third party to verify.
Thanks for the suggestion. I'll try to incorporate that in future. It's too late to change it this time as it all republished automatically elsewhere.
Another thing that stood out in one your debates with a supposed abuser is that you're saying it's obviously a bot if they run it 24/7... if it's obvious why are you allowing it? Why not limit to 16 claims per day or whatever is "human". Or at least ban them after a week instead of letting the whole farm run for months and then get to the point where you feel you have to post e-mails etc to defend yourself.
We did previously have a system in place that automatically blocked bots that made an infeasible number of rolls over a period of 5 days. The problem is that they soon work out the limit and stay below it. Why not run 3x the number of bots 8 times a day?
The same goes for every detection system I have been able to come up with. The one idea that I had that has drastically reduced abuse is to leave them to waste several months getting a balance they can withdraw and then blocking the withdrawal for a manual review. That way they then have to spend several more months to find out if they correctly guessed how I caught them.
I understand that this business attracts all sorts of shitheaded freeloaders but you're not going to scare them away by posting e-mails publicly. You might scare away good customers though.
The intention was never to scare them away, just to refute their claim that I scammed them.
I know I got angry and overreacted to some things here and I'll try to do better in future. I don't want to scare anyone away.