Instead of using a blacklist of IP addresses (which is like playing a game of whack-a-mole), I could recommend one of two strategies to reduce bot spam:
Strategy 1: Honeypot field.
I use this for one of my own web forms personally, and it works very well. The idea is to create an antispam field in your form, where if that field is filled (it will be filled indiscriminately with a bot), your system automatically marks the sending as spam.
You can hide the honeypot field from legitimate users by giving it a height of zero (or low) in the browser along with
overflow: hidden. In case a user has CSS disabled, you can assign the field a label similar to "antispam: leave this field blank".
Strategy 2: Captcha
An alternative strategy is to use a captcha, so that only humans can send their form. The most popular captcha solution is ReCaptcha, which can be easily integrated into a web form.