How smart is the average spam bot in 2007? Answer, kinda smart, but not really. A couple years ago I created a bare bones message board that didn't require a user to sign up to post. I wanted a quick and easy place my friends could post and I felt like writing one myself. A couple months after it's inception I started getting 60 or so posts a day from spam bots touting everything from Cialis to things that I won't mention here. At that point, I looked at implement some kind of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart: http://en.wikipedia.org/wiki/Captcha). There are open source frameworks for every web language out there to choose from that have learned from their mistakes and refined the process. We've all seen these systems, where they skew the word and put squiggly lines and other backgrounds on the photo that makes it hard to read (for the purpose of making it hard to read by spam bots that use OCR or optical character recognition to read the image).
This got me to thinking, how smart is the typical spam bot? They're intellgent enough to go out and search Google or other search engines for message boards and specific types of message boards at that, but can the typical run of the mill spam bot read a plain old image? That's what I wanted to test... so I created an image, that did have a background but didn't have the font skewed. My goal was to see if any of the regular 60 posts a day I got would continue. The image was static and the text never changed.
What did I find? 100% of the spam bot posts stopped and have stayed clear for the last 5 months. So, my theory is that the average large scale spam bot isn't so bright. Now, don't go and think that I'd advocate this approach for a site that gets tons of traffic because I'm not. Those sites are going to get targeted by highly tailored spam bots that very likely do imploy OCR to read the images. I really wanted to test the run of the mill spam bot that traverses the Internet through search engines. Don't take this as an advocation for the lowest common denominator appraoch, it was simply a test but I found it interesting none the less.
What to know about Captcha? Aside from the above Wikipedia article, here's a link to the site that has a ton of free plugins for various languages (ASP.Net, PHP, Python, Perl, Ruby, Java & Cold Fusion to name a few.. plus they have plugins for commonly used Internet BB's and applications): http://www.captcha.net/