I've always hated CAPTCHA, so I use a simple javascript human-detection script on the blog host that I run.
I keep records of all the spam that gets filtered on the site and why. Surprisingly, the human detection filter hardly ever gets triggered anymore. It used to in the past, but it seems that we've passed the point where spammers use scripts anymore. Nowadays it's all done by cheap laborers.
Granted, the site requires users to register before posting, but the registration form is seeing significantly less "robot accounts" than it used to.
I imagine that IPv6 will make blacklisting IP addresses more difficult, as the 65,536 addresses in a /48 network prefix could either belong to one person or an entire organisation, and there are many tunnelling services offering /48 prefixes to anyone, meaning a spammer could easily acquire millions of different addresses.
no, /48 just becomes the new /29. it doesn't matter that there's many millions of addresses in the space instead of 8, it's still one contiguous space assigned to one customer, so you just blacklist the entire /48. it's currently done with entire /24s for big spammers.
ipv6 tunneling services have been around for quite a while and have dealt with spam fairly well, which is to say there's hardly any spammers using them because there's nothing worth spamming on ipv6 yet. by the time there is (meaning lots of mail servers), native ipv6 will be so prevalent that most tunnel services won't be needed, or will be much smaller and easier to police.
It's clear that CAPTCHA is not a cure-all, and needs to be combined with content filtering and IP banning and other techniques. But (as we say in the show) the idea is to make spam uneconomical with a minimum disturbance to the user. Some users (e.g. handicapped, impatient) are obviously more disturbed by it than others.
I keep records of all the spam that gets filtered on the site and why. Surprisingly, the human detection filter hardly ever gets triggered anymore. It used to in the past, but it seems that we've passed the point where spammers use scripts anymore. Nowadays it's all done by cheap laborers.
Granted, the site requires users to register before posting, but the registration form is seeing significantly less "robot accounts" than it used to.
I actually blogged about this last week: http://www.expatsoftware.com/articles/2010/03/care-and-feedi...