Hacker News
by zawerf 2436 days ago
CAPTCHA isn't just a matter of protecting your site. One of the most evil attacks nowadays is "Distributed Spam Distraction", where you spam your victim with thousands of emails per second so an important email (e.g., fraudulent purchases) gets lost in the noise.

How do you do this in a world with decent spam filters? By using the victim's email to sign up for real services so they get hit with a welcome email. Because these are real services, spam filters won't catch it. This can only be done with services that have sign-up forms that are easily automated.

The most evil thing here is your email is crippled even after the attack is over because these real companies will keep sending you newsletters and it's impossible to unsubscribe from them all.

1 comments

You've just reminded me I really need to use unique email addresses for each service.
If you use Gmail, you can add a + followed by anything and it goes to the same mailbox.

For example, if signing up to drop, I might use myemail+drop@gmail.com

Makes it very easy to see which services are selling the address you provide to advertisers.

Yeah I know, and you're unfortunately correct that I use Gmail, but it's something I'm planning to change soon.

Also, if someone was targeting you with spam that won't help. They'll just remove the "+..." and you're back to the same problem.
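From the mailbox owner's side, the flood described at the top of the thread can be recognised by its shape: sign-up mail from many unrelated sender domains in a short window. The sketch below is an added example, not part of the thread; the message field names, the subject keyword list and the thresholds are assumptions, and the sample mailbox is constructed. It finds such a burst and lists the non-sign-up messages that arrived inside it, which are the ones the flood is meant to bury.

```python
from datetime import datetime, timedelta
import re

# Assumed heuristic: subject keywords typical of sign-up confirmation mail.
SIGNUP_RE = re.compile(r"\b(welcome|confirm|verify|activate|subscri)", re.I)

def find_burst(messages, window=timedelta(minutes=10), min_domains=5):
    """Return (start, end) of the first window in which sign-up style mail
    arrives from at least min_domains distinct sender domains, else None."""
    signups = sorted((m for m in messages if SIGNUP_RE.search(m["subject"])),
                     key=lambda m: m["time"])
    for i, first in enumerate(signups):
        in_window = [m for m in signups[i:] if m["time"] - first["time"] <= window]
        domains = {m["from"].rsplit("@", 1)[-1].lower() for m in in_window}
        if len(domains) >= min_domains:
            return first["time"], in_window[-1]["time"]
    return None

def buried_messages(messages, **kw):
    """Messages received during a burst that are NOT sign-up mail: the ones
    the flood is meant to hide (e.g. a purchase notification)."""
    burst = find_burst(messages, **kw)
    if burst is None:
        return []
    start, end = burst
    return [m for m in messages
            if start <= m["time"] <= end and not SIGNUP_RE.search(m["subject"])]

# Constructed sample mailbox metadata (hypothetical senders and subjects).
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    {"time": T0 + timedelta(seconds=20 * i),
     "from": f"noreply@service{i}.example", "subject": s}
    for i, s in enumerate(["Welcome to Service0", "Please confirm your email",
                           "Verify your account", "Activate your profile",
                           "Welcome aboard!", "Confirm your subscription"])
]
SAMPLE.append({"time": T0 + timedelta(seconds=50),
               "from": "orders@shop.example", "subject": "Your order has shipped"})
SAMPLE.append({"time": T0 - timedelta(hours=3),
               "from": "friend@mail.example", "subject": "Lunch tomorrow?"})

if __name__ == "__main__":
    for m in buried_messages(SAMPLE):
        print(m["time"], m["from"], m["subject"])
```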