How are you going to determine the timezone of your user? Get it from a HTTP header? if that is the plan then don't bother. The spam bot can set any timezone. An idea would be to use some geo location code if you want to allow just visitors from a certain country.