1 - annoying, it is not always possible to hit the soap
2 - already better, but can slip if the soap is generated on the fly
3 - left hidden fields that are not visible to the user, but "natural" for the bot - already good, but many bots can track.
I did this, everyone who wants to register, comments can be written on the fifth day, the fields during registration are not visible anywhere else, except for the profile and for registered users, after five days the comments from the user are checked for the presence of http (all other users receive a warning when trying to send a link). If an entry is found, then the user himself and all his comments are deleted, but not by IP, as it may just be infected. Cron works once an hour with such a check, it is reasonable if there are no more than 10 thousand users, then you need to think about something.
Back when search engine spam reports were working fine, once a month emails were generated with links from comments and search engine results as confirmation of spam, spammer sites eventually flew out of the index, now they don’t react as much as we would like ...

You can make some field in the form that does not need to be filled in and a standard name in the form like mail. Who filled it out is a robot. Hide it with styles.
I successfully demand to enter “3 letters of our university” on the university website. It seems that there were no people who did not pass yet, and robots that would pass :) Unless if you do not know the Russian language, there may be a problem, even if there is no Russian layout, no one bothers to copy the abbreviation from the same page.

If the audience allows, can you register via SMS to your phone? Activate with code.

d. numbers in the username
But this item confuses me sooooooooo much

Methods that do not interfere with the user: analysis of the IP request, checking against blacklists (registrations from anonymous proxies and torus - we block, from countries like China or IP data centers - we skip, but mark as suspicious). It is especially worth paying attention to mobile IP and IP Operas from Norway - they just do not need to be banned.
Checking for JS and Flash support on the client (if not, it's most likely a bot).
Analysis of links between accounts (login to different accounts from the same IP with the same cookie, or at a similar time for example). Analysis of the number of registrations over time. Analysis of user behavior after registration.
Bots are also good to catch on filling trap fields.
You also need to understand that bots are different, there are those that stupidly go to all sites and send all the forms found on them (these are easily cut off), and there are the best representatives of dark hats specially designed for your site, it is more difficult with them.
The methods you suggested are either useless or interfere with the user, but are easily bypassed by spammers, or generally represent epic nonsense (about the numbers in the name).
In general, start with the question of what threatens your project with "left" registrations. Why are they made. Maybe you need to log in to the site where you can do without it? Comments can be left without registration.
If you make a blog management system and are afraid of spam links, make a reputation system: an unverified user cannot leave links, a verified one (actively commenting or approved by the blog author can). Check link domains against databases like akismet.
If the project is a social network and you are afraid of mass registration for spam, everything is much worse. Only linking to phones really helped the VKontakte level project, all other methods were easily bypassed by spammers. However, you can fight spam by introducing a reputation system, as well as limiting interaction between non-friend users.

If the resource is thematic, then the contextual issue kills Chinese-Indian outsourcers to overcome captcha.
If not thematic, but general purpose, then ... We must think.
The rule proposed above should be written only for 2-3-N days, and a ban for the impatient - well, few people read the signs.
Although if it's a red banner, it might work. After all, you don’t really need impatient and intolerant users, do you?
If a store, then you can load a person for two bucks and return them back with the first purchase.

not for the purpose of advertising, I will say that after I put a graphic captcha from Keycaptcha on my sites, I no longer saw a single bot, whereas before that there were ten left registrations a day.

Another pattern for finding spammers is repeated passwords.

a. email (mail, the presence of numbers)
Well, this one, too.
You can also record user verification by phone number. and 2 ways.
1 - please indicate the phone number and enter the code that will come via SMS (very wasteful)
2 - generate a code and ask him to send it by SMS for activation (you can get some money back)