> that would probably be an incomplete mitigation:
Sounds better than no solution!
> -people can use the photo id field instead
Size limit can be enforced.
> -people can use valid e-mail addresses under an own domain ("catch-all")
As long as it can validate, seems fine to me. Better than no verification.
> -your keyserver suddenly can be abused for email spamming
Any online service that allows registrations can be abused for email spamming, if you consider registration
emails an "email spam".
--------
Another limitation: you cannot apply the email verification process to the recon algo, because the user would get flooded with verification emails. That means you could have a malicious SKS implementation flooding others with non-verified emails. Again, not perfect, but a good start.