Captchas

From ASRG
Jump to: navigation, search
Anti-spam technique: Captchas
Date of first use: ca. 2001
Effectiveness: Medium
Popularity: Medium
Difficulty of implementation: Medium
Where implemented: MTA or MUA
Harm: High

Captchas (from "Completely Automated Public Turing test to tell Computers and Humans Apart") is version of mail challenges, adapted from a method originally designed to protect web forms from being completed by robots.

When using to protect a mailbox, a confirmation message is sent to the sender when he writes to the protected mailbox for the first time, indicating a web page where he will be asked to enter a textual code hidden in an image. If the correct answer is given, the sender is added to a whitelist so subsequent messages will be accepted without any further action.

Although some defenders of this method claim it provides "100 % spam stopped without loss of messages", in practice this method has many drawbacks including:

  • All of the general problems with Challenges
  • Not user friendly with people with physical deficiencies - blind people may not be able to correctly decode captchas (see American Council of the Blind
  • Often not user-friendly to people with normal vision either; CAPTCHA system misbehavior is a common source of humor on the Internet.
  • Spammers can simply pay humans in poorer nations to solve CAPTCHAs. In 2010, commercial CAPTCHA-solving services were seen charging $1 per thousand CAPTCHAs solved. At those rates, a fairly large spamming campaign can still be cost-effective.

References