Captchas
From ASRG
Anti-spam technique: Captchas | |
---|---|
Date of first use: | ca. 2001 |
Effectiveness: | Medium |
Popularity: | Medium |
Difficulty of implementation: | Medium |
Where implemented: | MTA or MUA |
Harm: | High |
Captchas (from "Completely Automated Public Turing test to tell Computers and Humans Apart") is version of mail challenges, adapted from a method originally designed to protect web forms from being completed by robots.
When using to protect a mailbox, a confirmation message is sent to the sender when he writes to the protected mailbox for the first time, indicating a web page where he will be asked to enter a textual code hidden in an image. If the correct answer is given, the sender is added to a whitelist so subsequent messages will be accepted without any further action.
Although some defenders of this method claim it provides "100 % spam stopped without loss of messages", in practice this method has many drawbacks including:
- All of the general problems with Challenges
- Not user friendly with people with physical deficiencies - blind people may not be able to correctly decode captchas (see American Council of the Blind
- Often not user-friendly to people with normal vision either; CAPTCHA system misbehavior is a common source of humor on the Internet.
- Spammers can simply pay humans in poorer nations to solve CAPTCHAs. In 2010, commercial CAPTCHA-solving services were seen charging $1 per thousand CAPTCHAs solved. At those rates, a fairly large spamming campaign can still be cost-effective.