EditMe Official Blog2007-03-26
We have replaced the original 5 letter dictionary word captcha images with random five letter words that contain upper and lower case letters, numbers and symbols. This exponentially increases the number of captcha value possibilities and should go a long way towards deterring spammer scripts from guessing captcha values.
To put this into perspective, there are about 5,000 5 letter words in the English dictionary. This meant that a spammer running a script that hits your site every second for 24 hours could statistically guess the captcha around 18 times per day. By using random strings and including as many different possible character combinations as we have, the number of possible captchas comes to somewhere around 25 million.
These new captchas may be a bit more difficult to read because a recognizable word doesn't pop out at you when you see the image. But we think that customers whose sites have been inundated with spam despite activating captchas will appreciate the extra effort.
It's worth repeating here - requiring registration in order to post comments on your site is by far the most effective method of stopping comment spam on your site. Our experience is that requiring registration to post comments stops comment spam almost completely, and for good. It's an additional barrier to actual users who want to comment on your site, but it's worth considering if you're running out of options.
We have a release coming up this year focussed entirely on spam prevention, with several new features beyond captchas to help site administrators manage and prevent spam on their site. More on that release in a later post. In the mean time, let us know what you think about the new captchas.