The official Akismet blog has a post pointing out the numerous problems with relying on CAPTCHA systems as a means of preventing, or at least discouraging, spam. CAPTCHA systems show the user almost unreadable text in graphic format — often twisted and deformed beyond recognition — and then ask the user to type in the word or letter/number combination in a text box.
My experience with these systems mirrors a lot of the comments to the Akismet piece. A lot of the time, I simply cannot read what the word is. Facebook is horrible with this — it is constantly throwing up random CAPTCHAs and asking me to type in two words, but 90% of the time I cannot make out what the words are and have to sit there and reload new graphics until I find one that I can make out enough of the word to make an educated guess.
At other sites, I can very clearly make out the word I’m supposed to type in, but most of the time the site will reject my entry. One thing that really pisses me off about CAPTCHA systems is they rarely include any indication as to whether the entry needs to be case sensitive. Some are case sensitive, but it’s even harder for me to tell if that’s a capital J or a lower case j by the time the letter is distorted and twisted.
Oddly enough, though, CAPTCHA is a bit like DRM — the casual user may have problems getting around it to actually enter a comment, but the spammers have little problem circumventing them:
Companies still believe in the power of the CAPTCHA and they are now very wrong to do so. Where there is a demand by those wanting to spam there is supply – and it’s less than a cent to spam your blog. At ZDNet’s Security blog they report on an industry which can solve a quarter of a million CAPTCHAs a day.
On the other hand, as useful as Akismet is, based on the success rate of spammers at this site I imagine spammers still have people who run high volume sites pulling their hair out trying to stomp out the spam.