All CAPTCHA systems are doomed to fail. Unfortunately, this has not prevented eager developers using CAPTCHAs in even the most basic web to email forms.
No one likes CAPTCHAs. They are not fun. They can not be used by everyone, such as those with impaired vision or without graphics enabled. They slow down the sign-up process and, ultimately, they will lead to fewer real registrations.
The worst problem with CAPTCHAs is that they put the onus on the user. Users do not care if you are receiving thousands of spam messages or bogus accounts: that’s your problem. CAPTCHAs should be the last barrier of defence – not the first.
The vast majority of hacking attempts and bots can be prevented without resorting to CAPTCHAs. If you make it moderately difficult, spammers will simply move on to the next easier target. Here are some basic techniques that will stop the majority of spoofing attempts.