What helped to mitigate these on Magic Pages (and Synaps Media, as far as I am aware) is blocking Tor traffic on the /members/api/send-magic-link endpoint.
Cloudflare specifically has the country code T1 for that:
PS: I have personally not observed traffic coming through NordVPN – though if you see patterns and use Cloudflare or similar providers, that would probably also mitigate that.