Coding Horror: CAPTCHA is Dead, Long Live CAPTCHA!
There’s simply too much money to be made in email spam for the commercial CAPTCHA algorithms, regardless of how good they may be, to survive forever. How old is Google’s CAPTCHA now? Two to three years old?
In the short term, perhaps proliferation and evolution of many different CAPTCHA techniques is the most effective prevention. You should emulate the techniques from the most effective and human-readable industrial-grade commercial CAPTCHA, but avoid copying them outright. Otherwise, when they’re inevitably broken, you’re broken too.
CAPTCHA-defeating tools are tailored to very specific inputs; if there’s little to no monetary incentive, odds are nobody will bother to customize one for yours. My ridiculously simple “orange” comment form protection is ample evidence of that.
It looks like the days of the CAPTCHA are in their twilight. It’s probably time to switch to more advanced ideas, like asking questions that are simple for humans to answer but difficult for machines. Think about questions like “What is Clint’s first name?” It might sound simple to you, but for a machine, parsing and evaluating that English sentence is quite difficult. Jeff links to a few more techniques, like distinguishing dogs from cats, and more. Check out his post!