How to Manage Spam (The Sending Part), the sequel

In my previous entry I linked to a blog which shows how to send emails through a botnet.

Today I stumbled over a movie which shows how you can spam millions of forums from one interface. Again, I’m surprised at the professional interface and the power of the software used.

Also surprisingly, this software has support for CAPTCHAs. If you look closely at the log file shown in the movie, you can see that it can crack those as well.

So you can remove the CAPTCHAs. Besides being bad for usability, they are useless.

The movie.

3 Comments

  1. Another possibility is to use a spam filter such as http://akismet.com/

  2. CAPTCHAs have been getting cracked or just manually solved in bulk for a while now. Somehow spam gets on amarok.kde.org. Actually sometimes the spam is so sneaky I suspect it's actual humans, who apparently are being paid enough to manually poison Google. But I remember at some point I was configuring things and turned off the CAPTCHA and immediately there were like 5 spam comments posted.

    So CAPTCHAs are certainly still useful. 100% spam protection is a nice goal, but it's not what CAPTCHAs are for. You need to still watch the comments.

  3. There are no fool-proof methods, and I agree CAPTCHAs are bad for usability. Still, they currently still help, somewhat. Other options include presenting a simple equation to solve, randomizing the names of the input fields and using hidden input fields that must stay blank (and hide them from your CSS). Nothing is completely safe, and nothing beats a human spammer, of course.
    Last: a system that makes it possible for users to report spam easily could help keep the problem in check without having to review each and every comment personally.
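
The randomized field names and the hidden must-stay-blank field mentioned in comment 3, sketched as server-side checks. This is an added example, not code from the post or its commenters; the field names, the `hp` CSS class, the key handling and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)          # assumption: per-deployment key, kept server-side
LOGICAL_FIELDS = ("author", "comment")    # hypothetical names of the real inputs
HONEYPOT = "website"                      # hypothetical decoy input, hidden with CSS


def field_name(token: str, logical: str) -> str:
    """Derive the per-render HTML name of a logical field from the form token."""
    mac = hmac.new(SECRET, f"{token}:{logical}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def render_form() -> str:
    """Return a comment form whose input names change on every render."""
    token = secrets.token_hex(8)
    rows = [f'<input type="hidden" name="token" value="{token}">']
    for logical in LOGICAL_FIELDS:
        rows.append(f'<input name="{field_name(token, logical)}">')
    # People never see this input; bots that fill every field they find do.
    rows.append(f'<input name="{field_name(token, HONEYPOT)}" class="hp" '
                'tabindex="-1" autocomplete="off">')
    body = "\n".join(rows)
    return f'<style>.hp{{display:none}}</style>\n<form method="post">\n{body}\n</form>'


def check_submission(post: dict) -> tuple[bool, dict]:
    """Map randomized names back to logical ones and reject honeypot hits."""
    token = post.get("token", "")
    if post.get(field_name(token, HONEYPOT), "") != "":
        return False, {}                  # decoy was filled in: treat as a bot
    values = {}
    for logical in LOGICAL_FIELDS:
        name = field_name(token, logical)
        if name not in post:
            return False, {}              # fixed or stale field names were posted
        values[logical] = post[name]
    return True, values
```

A bot that parses each freshly rendered form and leaves hidden inputs empty still passes, so this filters only the cheapest automation and belongs alongside content filtering and user reports.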