The war on spam on the web is ongoing.

Smart people at big companies come up with ever sophisticated ways to prevent automated submission of spammy content to forums or blogs.

Smart sleazy people come up with ever sophisticated ways to break those schemes (or captchas, as we like to call them in the industry).

In fofou, my forum software, I use a trivial captcha that I copied from CVSTrac: it asks a user to enter the result of a simple arithmetic expression (e.g. “5+3”). It even provides the answer.

I have no doubt that this scheme would pose no challenge to people that are able to crack google’s captcha, yet I haven’t had a single automated spam in more than a year of running my forum.

My theory is that this captcha scheme is not used frequently enough to catch the attention of spammers. Even though it is probably easy to break, spammer’s time is better spent trying to break latest scheme used by google or yahoo than waste even 5 minutes cracking one-off scheme used by a few obscure websites.

Hence my advice: instead of using sophisticated but frequently used captcha, you can instead use a trivial scheme that no one else is using for 100% spam proof website.

And what if your website becomes really, really popular and is worth the attention of spammers? First of all, congratulation, you’re the lucky one. Second, switch to sophisticated captcha that all other really popular websites use.