> CAPTCHA's are hackable too, it just adds 3 to 10 times the effort, No question, everything human-readable (though some are hardly so) will _eventually_ be OCRable, but that has not prevented CAPTCHA from being considered a viable anti-abuse measure used in hundreds of thousands of situations.
Further, the CAPTCHA people are far from convinced that complex contemporary CAPTCHAs are being OCR'd. Rather, the fact is that, in practice, the images serve as a temporary password of 6-8 alphanumeric characters -- they have to, to not themselves be a barrier to user adoption -- and with the distributed nets the spammers wield, obvs. brute-forcing this "password" is not a major problem. I trust this is why you see spammers going after new webmail accounts specifically, instead of only hacking existing webmail accounts or hitting other brute-force authentication vectors. Getting a new account means you have to match a weak password. Hacking an existing account means you may have to match a strong one. If your goal is just to get an account to spew your spam (not to steal data), which would you choose? --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
