> This reminds me of various captcha strategies I've seen used by small forums to great effect—solving some math, typing a word into a text box, choosing a popular character's picture… etc. They all work, perfectly. But only because spammers don't care about the small fry: it's not worth their time to modify their bots for your little site. If any given captcha becomes used widely—or your forum grows big enough—they will bypass it trivially.
Which reminds me of Jeff Atwood's original "captcha"[1] on the Coding Horror blog. It was a static image of the word "orange" every time. It was the most trivially defeatable captcha ever, but he didn't care because it worked. It would have been senseless for him to invest time and effort into implementing a complex captcha engine, when the existing solution was filtering spam bots just fine.
Which reminds me of Jeff Atwood's original "captcha"[1] on the Coding Horror blog. It was a static image of the word "orange" every time. It was the most trivially defeatable captcha ever, but he didn't care because it worked. It would have been senseless for him to invest time and effort into implementing a complex captcha engine, when the existing solution was filtering spam bots just fine.
[1] http://blog.codinghorror.com/captcha-is-dead-long-live-captc...