thoughts on comment spam/prevention strategies

There’s a lot of effort going into how to prevent comment spam in Movable Type and other weblogs. The key seems to be finding something that approximates a crude Turing test: the POST request must meet some challenge that only a human can meet.

There are a few coping strategies in the field. One is a “captcha” engine that creates a GIF of a number string and requires the numbers to be keyed in as a kind of authentication: the GIF is somewhat obscured, making it a problem for the sight-impaired and, we suppose, for OCR software.

Another idea, not yet fielded, is a challenge-response where the question is something like “what is the Xth letter of word Y?” The arguments against this seem to be that a parser could be written to sort that out . . . I suppose so.

I like the second of the two, since it’s not exclusionary. How hard would it be to defeat? And what countermeasures could be written into it (present the string as HTML entities that have to be decoded by a parser? present the word reversed? don’t use real words at all? make the letter position the result of a simple equation [what letter is in the 2^2 position in the string uiwplkg?]?)
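As an added illustration (not code from this post or from any weblog package), here is a server-side sketch of that second scheme with the countermeasures above built in: a non-word string shown reversed and as HTML entities, the position given as base^exponent, and a token that binds the expected letter under an HMAC so the server keeps no per-visitor state and the answer never travels to the client. The key, the TTL and the in-memory nonce store are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions: SECRET_KEY comes from server config; _used would be a shared store in production.
SECRET_KEY = secrets.token_bytes(32)
CHALLENGE_TTL = 600                            # seconds a challenge stays valid
ALPHABET = "abcdefghjkmnpqrstuvwxyz"           # no i/l/o, to avoid look-alike letters
POSITIONS = [(2, 1), (2, 2), (3, 1), (5, 1), (7, 1), (1, 6)]  # (base, exponent), value <= 7
_used = set()                                  # spent nonces: one guess per challenge

def _mac(key, nonce, expires, answer):
    msg = f"{nonce}|{expires}|{answer}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_challenge(word, base, exp, nonce, expires, key=SECRET_KEY):
    """Render the question and mint its token. The token binds nonce, expiry and
    the expected letter under an HMAC, so the server keeps no per-visitor state
    and the token does not reveal the answer."""
    answer = word[base ** exp - 1]
    # Shown reversed and as numeric entities: a browser renders it, a scraper that
    # neither decodes entities nor reverses the string gets nothing useful.
    obscured = "".join(f"&#{ord(c)};" for c in reversed(word))
    question = (f"Read the string <b>{obscured}</b> from right to left. "
                f"Which letter is in position {base}^{exp}?")
    return question, f"{nonce}.{expires}.{_mac(key, nonce, expires, answer)}"

def make_challenge(key=SECRET_KEY, now=None):
    """Pick a random non-word, a position written as base^exponent, and a fresh nonce."""
    word = "".join(secrets.choice(ALPHABET) for _ in range(7))
    base, exp = secrets.choice(POSITIONS)
    expires = int(now if now is not None else time.time()) + CHALLENGE_TTL
    return build_challenge(word, base, exp, secrets.token_hex(8), expires, key)

def check_answer(token, answer, key=SECRET_KEY, now=None):
    """True only for a genuine, unexpired, unused token whose letter matches."""
    try:
        nonce, expires, mac = token.split(".")
        expires = int(expires)
    except ValueError:
        return False
    if nonce in _used:
        return False
    _used.add(nonce)             # spend it before checking: a single letter is easy to
    if (now if now is not None else time.time()) > expires:  # guess, so one try per token
        return False
    guess = answer.strip().lower()[:1]
    return hmac.compare_digest(mac, _mac(key, nonce, expires, guess))
```

Because the answer space is only about two dozen letters, the one-attempt-per-token rule (plus ordinary rate limiting) is what keeps a bot from simply cycling through guesses.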

With the understanding that no scheme is perfect, what makes the bar sufficiently high as to dissuade all but the morally bankrupt with a lot of time on their hands?

[Posted with ecto]