Yep, it's not like they care about having the domain a year later after they already used it for spam and it is banned everywhere.

Not only that, by the time the authorities catch up to the lawbreakers they'll have seized the domain regardless of whether it has accurate whois data. You can't threaten wrongdoers with something they're already subject to. The penalty is only a penalty to innocent people.

Depends on the spammers and the scammers, and the strictness of the verification policy. It's relatively easy to verify physical addresses and phone numbers, and quite a number of criminals are not particularly sharp.

No measure eliminates crime, but some do reduce it.