Here is how it currently works:
You enter the "ASIN" (Amazon stock number) into a single field, and click a button. You need to be logged in as an Amazon user. No other data is required, and you can enter multiple recommendations for different items.
There is no apparent limit on how many different books you add a recommendation to.
In 24 hours, the site is updated to reflect your additions.
Obvious changes would include:
Track number of recommendations made to a single book (both in one day, and over time). You need humans to look at the numbers and respond. It won't stop those who just want to undermine the system with random recommendations, but it will stop those using the system to promote specific books.
Limit how many recommendations can be made from a single IP address over a period of time. Say 20 per IP per day. But then what about big companies where employees are behind a firewall, do you shut them out?
Ok, then limit how many per account per day. But there is no limit on how many accounts you can create from one IP, all you need is an email address (easy). So you use multiple accounts. (likely already going on, certainly does for reviews).
So you limit Customer Recommendations to only users who have held accounts at Amazon for 6 months, and have made a purchase. Seems a bit severe, but how else do you control the multi-account problem?
Add moderation to recommendations, rank lower the recommendations where majority disagree with the recommendation.