You could make a very small plugin so only email addresses on the mailing list can be used to register new members; this could be combined with other "defences". It'd stop most of the automated Wordpress registration scripts that are out there; though it obviously wouldn't hold out a determined attacker since all they have to do is register with the mailing list to be allowed in...