Archive for October 6th, 2008
Microsoft and Google are facing renewed challenges in their fight against spammers who abuse their webmail services to send out spam. Earlier this year spammers successfully used bots (software that automatically signs up with online services) to break the CAPTCHA security systems at Hotmail and GMail. Once penetrated these bots proceed to create several accounts, and then use them to send high volumes of spam messages. Both Microsoft and Google responded by strengthening their CAPTCHA systems, but it seems that the spammers have found another way in.
We are all now familiar with CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the extra step we must all take when submitting almost any type of form on the web. The process involves entering the garbled, often illegible, text displayed on screen to prove that a human is completing the form and not a robot.
While it is relatively easy for humans to decipher the text on screen, computer bots find it much more difficult as the distortion of the text makes it difficult for them to identify the letters using their optical character recognition capabilities. However, in recent weeks it has emerged that Microsoft’s CAPTCHA has been breached by spammers again, and it has been suggested that spammers are getting it right between 10-15% of the time.
If spammers are successfully breaking CAPTCHA on huge services like Hotmail and GMail, who have the resources to implement the most secure techniques available, where does that leave the average webmaster who uses CAPTCHA to prevent the abuse of their contact forms, order processes or blog articles?
Well, some are suggesting that CAPTCHA in its current form is now rendered useless and just not viable anymore. Some industry experts are suggesting a wholesale switch to alternative forms of CAPTCHA, such as Microsoft’s Asirra image based format where users are required to identify and distinguish between photos of cats and dogs. Others, such as Terry Zink, are suggesting a second CAPTCHA challenge post sign up which would statistically reduce the overall success rate of the spammers’ bots.
Nobody quite yet has the perfect solution, and though many believe it’s just a game of cat and mouse, the anti spam industry continues to seek the most effective measures of preventing spam reaching our inboxes.
