Spambots Crack Hotmail CAPTCHA, Creating Thousands of Email Accounts

Email Marketing, Technology - posted by Adam

Ars Technica is reporting that spambots have cracked Hotmail and Gmail CAPTCHA, allowing spammers to open thousands of email accounts and flood our inboxes with even more SPAM. It takes less than 1 minute for the spambot to crack Hotmail’s CAPTCHA.

Spammers are using these new email accounts to spam advertisements for “lottery tickets and watches.” Apparently the current economy’s state has not had any effect on the demand for lottery tickets and watches. Go figure.

More importantly, this calls into question the effectiveness of CAPTCHA at stopping spammers and bots. While creating more advanced CAPTCHAs might thwart spambots in the short term, eventually they will find a way to crack them. In addition, if these CAPTCHAs get any more complicated, users will complain. Typing in a string of random letters and numbers all mixed up can be annoying as is; I can only imagine what a harder-to-crack version would be like. So what can Hotmail and Gmail do?

Create a Better CAPTCHA
If you think about the evolution of media on the internet, video CAPTCHAs are the next logical step. I can see it now: YouTube CAPTCHA. Watch this short clip and answer a question. Using YouTube’s huge library of video with user-supplied tags and descriptions, there is enough data to create thousands of computer-generated clips and answer keys. Can users suffer through a 5-second video and answer a question? What about visually impaired users?

Limit the Number of Accounts per IP
If these spambots are running on unsuspecting users’ machines, limit the number of email accounts that can be created for each IP. Only a bot would create 1400 email addresses a day and log into each account and send out email. How long until they figure out a way around this one?

Make Users Confirm Their Account
Use a phone callback to confirm the account. Sure, it’s annoying, but would you trade that one simple step for a world with a lot less SPAM?

Welcome to our Universe. Hope you enjoy your stay.

Web 2.0 - posted by Adam

Of all the homepage/start pages, I love NetVibes. Their latest release has added some great features, allowing for the social networking component and for the creation of individual or company universes.

Check out our Universe on NetVibes. Read what we read. Comment on our wall. Have an overall good time.

A Simple Design Tool That Will Blow You Away

Web Design - posted by Adam

I am at a loss for words.

Preventing Contact Form SPAM

Web Development - posted by Adam

Personal SPAM is one thing. Business SPAM, coming from your online forms, is another. It is best to understand the problem before attempting to implement a solution. Generally, I classify form SPAM into 1 of 2 categories:

  1. Form hijacking attempts
  2. Automated scripts

Strategies to tackle both types rely on tightening form validation and security. Hijacking attempts are a much more serious problem, because the attacker is trying to use your form and mail server to send out SPAM to hundreds or thousands of other people. Identifying hijacking attempts can sometimes be tricky, but if you see a lot of bounced-back SPAM originating FROM your servers, you should definitely start investigating.

Here are some things you can do to curb your form SPAM issues:

  1. Enforce tight server-side validation - JavaScript validation is lazy and useless. Most of these attempts come from automated scripts that won’t ever run your JavaScript.
    1. Make sure form values don’t include email header data
    2. Validate form data based on type and strip out HTML code
    3. Limit the number of characters to something reasonable
    4. Check for certain words, phrases, or code that might lead you to believe it’s SPAM
    5. Never pass critical mailing data as hidden fields (such as the mail to address)
  2. Use CAPTCHA - makes the submitter enter some words, letters or numbers shown in an image before submitting the form. This ensures that the form is being submitted by an actual person and not an automated script.
  3. Validate user sessions - for each visitor, create a unique session. Store a random and unique value on the server. Include that value as a hidden field on the form, and validate it against the value stored on the server. If it is an automated script completing the form, that value will most likely be wrong.
  4. Log IP addresses - chances are that someone at an IP is not going to submit your form multiple times over a short period of time. Keep track of this and use some validation to restrict and detect.
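
A server-side check combining items 1, 3 and 4 of the list above, written as an added example that is not code from the original post. The function names, field names, limits, recipient address and in-memory stores are assumptions for illustration; CAPTCHA and keyword checks are left out.

```python
import hmac
import re
import secrets
import time
from collections import defaultdict, deque

MAIL_TO = "sales@example.com"   # assumed recipient: fixed on the server, never a hidden field
MAX_LEN = {"name": 80, "email": 254, "message": 2000}    # assumed per-field limits
EMAIL_RE = re.compile(r"[^@\s<>,;]+@[^@\s<>,;]+\.[^@\s<>,;]+")
TAG_RE = re.compile(r"<[^>]*>")
WINDOW_SECONDS, MAX_PER_WINDOW = 600, 3   # assumed: 3 submissions per IP per 10 minutes
_sessions = {}                  # session id -> token expected back from the form
_hits = defaultdict(deque)      # client IP -> timestamps of recent submissions


def issue_token(session_id):
    """Store a random value server-side; render the same value as a hidden field."""
    _sessions[session_id] = secrets.token_urlsafe(32)
    return _sessions[session_id]


def check_submission(session_id, ip, form, now=None):
    """Return (errors, cleaned); send mail to MAIL_TO only when errors is empty."""
    now = time.time() if now is None else now
    errors, cleaned = [], {}
    expected = _sessions.pop(session_id, None)        # each token is valid once
    sent = str(form.get("token", "")).encode()
    if expected is None or not hmac.compare_digest(expected.encode(), sent):
        errors.append("bad session token")
    recent = _hits[ip]
    while recent and now - recent[0] > WINDOW_SECONDS:
        recent.popleft()                              # forget hits outside the window
    recent.append(now)
    if len(recent) > MAX_PER_WINDOW:
        errors.append("too many submissions from this IP")
    for field, limit in MAX_LEN.items():
        raw = str(form.get(field, ""))
        if field != "message" and ("\r" in raw or "\n" in raw):
            errors.append(f"{field}: line break in a header field")
        value = TAG_RE.sub("", raw).strip()           # strip HTML tags
        if not value or len(value) > limit:
            errors.append(f"{field}: missing or too long")
        cleaned[field] = value
    if not EMAIL_RE.fullmatch(cleaned["email"]):
        errors.append("email: not a valid address")
    return errors, cleaned
```

A line break in a single-line field is the signature of a hijacking attempt, since it is how extra mail headers get smuggled into the message; rejecting it outright is safer than trying to clean it.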

Tightening your validation is the most critical step in stopping form SPAM. If you have a vulnerability in your form, adding CAPTCHA won’t stop someone from exploiting it. Post your form if you want us to run some checks.

Your Brand and Economic Recessions

B2B Strategy, Branding - posted by Bob Grant

If the economy is slowing down, maybe now is a good time to re-evaluate your company’s brand. Check your own company’s brand. Here’s a list of scenarios to which you can answer yes or no.

  1. You have discovered what differentiates your company from your competitors.
  2. Your distinction is recognized by all of your clients/customers.
  3. Your distinction has value to your clients/customers and prospects.
  4. All employees in your company are aware of this distinction.
  5. New hires are trained to communicate your company’s distinction.
  6. Your distinction is communicated clearly to your prospects.
  7. Your distinction is clearly communicated in your marketing materials.
  8. Your distinction is scripted and utilized consistently.
  9. Your product or service’s pricing strategy is based on client/customer perception of value.
  10. Your brand receives adequate marketing support.

If you get more no’s than yes’s, you may want to contact Grant Marketing, the B2B Brand Experts.
