by tmarice 81 days ago
I don't really understand the captcha hate, it's table stakes for any public-facing form. You need to pick a point on the "Ease of signup" vs. "Security" curve, and email signup + captcha seems to be the sweet spot.

I haven't seen any proof that the big ones (Google, CF) can be easily and automatically bypassed, and would love to learn more if someone has evidence to the contrary.

2 comments

My blog does a proof-of-work before submission (withinboredom.info) in your browser. It'll use a fair bit of CPU power, but should only take a few seconds to complete. For an attacker... that's quite slow and self-limiting.

I did Ctrl-F on "proof-of-work" in this thread to see if anyone had tried this, you seem to be the only one. Seems like a good precaution before sending even a verification email.

Did you have to roll your own or was there some proof of work library you were able to use?

Update: Ah, found the code - https://withinboredom.info/posts/how-this-blog-actually-work...
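
A hashcash-style sketch of the proof-of-work gate discussed in the two comments above, as an added example that is not part of the thread and not the code from withinboredom.info. The challenge format, HMAC signing, 12-bit difficulty and all function names are assumptions made for illustration (Node.js).

```javascript
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // assumption: per-deployment secret
const DIFFICULTY_BITS = 12;                // low so the demo is fast; raise to cost a few seconds
const TTL_MS = 2 * 60 * 1000;              // challenge lifetime
const spent = new Set();                   // redeemed challenges; prune after expiry in real use

const sign = (s) => crypto.createHmac('sha256', SERVER_KEY).update(s).digest('hex');

// Server: issue a challenge bound to one form (formId must not contain ':') and an expiry.
function issueChallenge(formId, now = Date.now()) {
  const rand = crypto.randomBytes(8).toString('hex');
  const body = [formId, now + TTL_MS, DIFFICULTY_BITS, rand].join(':');
  return body + ':' + sign(body);
}

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Work shown by a nonce = leading zero bits of SHA-256(challenge:nonce).
const work = (challenge, nonce) =>
  leadingZeroBits(crypto.createHash('sha256').update(challenge + ':' + nonce).digest());

// Client (browser side in the scheme described): brute-force a nonce, ~2^bits hashes.
function solve(challenge) {
  const bits = Number(challenge.split(':')[2]);
  for (let nonce = 0; ; nonce++) if (work(challenge, nonce) >= bits) return nonce;
}

// Server: a single hash to check, done before any verification email is sent.
function verify(challenge, nonce, formId, now = Date.now()) {
  const parts = String(challenge).split(':');
  if (parts.length !== 5) return 'malformed';
  const mac = Buffer.from(parts.pop());
  const expected = Buffer.from(sign(parts.join(':')));
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) return 'bad-signature';
  if (parts[0] !== formId) return 'wrong-form';
  if (now > Number(parts[1])) return 'expired';
  if (!Number.isInteger(nonce) || work(challenge, nonce) < Number(parts[2])) return 'insufficient-work';
  if (spent.has(challenge)) return 'replayed';
  spent.add(challenge);
  return 'ok';
}
```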

Anyone who’s trying to make money through stuff like this (versus just experimenting) is using one of the many paid captcha-solving APIs, which cost a cent or two per solved captcha.