Anyone who has posted a comment on my blog in the last few months knows it requires at least one full second, preferably two or three, to pass my captcha. Currently, you have to be able to do arithmetic with roman numerals. Not exactly Ph.D. worthy, but still a bit of a challenge. For all sorts of reasons, including accessibility, I have given up on image-based captchas. My captchas are customized and modified regularly, and usually involve that you read a piece of text and translate it into an arithmetic problem. Some human beings have complained that they had to give up posting a comment because the problem was too hard. If you took a snapshot of my system, you could easily build a computer program to pass my captchas, but because I change them all the time, and because they only appear on my low-traffic site, I figure that nobody would ever bother trying.
Well, I still get about 3 spam comments per day. No matter what. There is a spam-free delay of a week or so after I change drastically the captcha, but spam quickly resumes.
Ok, it could be that a spambot was programmed to beat the general type of captchas I use. Still, it is pretty impressive the way I get spammed with such efficiency.
The fact that I am nearly convinced that I deal with human beings, tell you that if I, in fact, have to deal with machines, these machines pass a Turing test with flying colors.
I am now waiting to see how long it will take for the spambots to learn roman numerals. If they do so in less than a week, I will seriously worry about my safety.