[Mainstaff]

Best what works against such spoofer is using the function IsClientAuthorized when they enter the server (OnClientPutInServer).
If they are not authorised you just restrict them, e.g.:
SetClientListeningFlags => VOICE_MUTED
Event player_changename => Prevent notication
Commands jointeam, say, say_team etc.. => Stop them
Timer to kick them after 30 seconds
etc...

However, also the authorisation for legit users might be delayed for various reasons. Therefore, I recommend you using OnClientAuthorized to check if a player already entered the server and remove the restrictions applied above.

You also might want to consider the rare case that Steam servers are down and that no player receives the authorsation. Therefore, you probably want to build in something that the restrictions are only applied if e.g. at least 60% of the players on the server already received an authorisation.