Fame and Fortune Soon to Follow
I was quoted in a New York Times article on CAPTCHA and alternatives. There's a bit more to the story with Windows Live, when I went to sign up my work email, I couldn't read the text CAPTCHA, so I tried the audio option. That was even worse. It was a disembodied voice reading off numbers into background noise that sounded like a busy subway station. I failed the audio option and went back, and after some serious inspection, I passed the CAPTCHA. phew.
Services like Yahoo!, MSN, PayPal, and eBay have a big problem, because they're big targets. For blogs, I think CAPTCHA is an awful option, and a big deterrent to participation. I believe the key is diversity in the platform - I get a number of hits from Google searches looking for pages that end in .aspx along with the text from the start of my comment form - people obviously looking for .Text weblogs to target with automation. Simply modifying the default text would kill this kind of hit. You should also vary the names of the inputs on the comment form - this could be done in software, but it's simple enough to do on your own blog - this deters dumb automation as well. Try modifying the workflow with things like mandatory preview. I've also seen a number of blogs that require commenters to type in some fixed text or solve simple math problems, I don't know how well this works, but as long as you're varying the text and not making it obvious to a screen scraper what the phrase is, it probably has a decent response. Honestly, the best solution I've found is to disable comments after about a month - I very rarely get non-spam comments after a post has been up for a few days.