Ars Technica is reporting that spambots have cracked the Hotmail and Gmail CAPTCHAs, allowing spammers to open thousands of email accounts and flood our inboxes with even more SPAM. It takes less than 1 minute for the spambot to crack Hotmail’s CAPTCHA.
Spammers are using these new email accounts to spam advertisements for “lottery tickets and watches.” Apparently the current state of the economy has not had any effect on the demand for lottery tickets and watches. Go figure.
More importantly, this calls into question the effectiveness of CAPTCHA at stopping spammers and bots. While creating more advanced CAPTCHAs might thwart spambots in the short term, eventually they will find a way to crack them. In addition, if these CAPTCHAs get any more complicated, users will complain. Typing in a string of random letters and numbers all mixed up can be annoying as it is; I can only imagine what a harder-to-crack version would be like. So what can Hotmail and Gmail do?
Create a Better CAPTCHA
If you think about the evolution of media on the internet, video CAPTCHAs are the next logical step. I can see it now: YouTube CAPTCHA. Watch this short clip and answer a question. Using YouTube’s huge library of video with user-supplied tags and descriptions, there is enough data to create thousands of computer-generated clips and answer keys. Can users suffer through a 5-second video and answer a question? What about visually impaired users?
Limit the Number of Accounts per IP
If these spambots are running on unsuspecting users’ machines, limit the number of email accounts that can be created for each IP. Only a bot would create 1400 email addresses a day and log into each account and send out email. How long until they figure out a way around this one?
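A sketch of the per-IP limit described above, as an added example that is not part of the original post. The class and function names, the cap of 5 signups per day, and the choice to count IPv6 clients by /64 prefix are assumptions; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # one day, matching the post's "a day" framing
MAX_SIGNUPS_PER_KEY = 5         # assumed cap; the post does not give a number


def rate_key(ip: str) -> str:
    """Key IPv4 by address and IPv6 by /64 (assumption: one client holds a whole /64)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(addr)


class SignupLimiter:
    """Sliding-window counter of accepted account creations per source key."""

    def __init__(self, limit=MAX_SIGNUPS_PER_KEY, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._seen = defaultdict(deque)   # key -> timestamps of accepted signups

    def allow(self, ip: str, now: float) -> bool:
        stamps = self._seen[rate_key(ip)]
        # Drop signups that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.limit:
            return False
        stamps.append(now)
        return True


def replay(events, limiter=None):
    """Run (timestamp, ip) events through the limiter; return accepted count per key."""
    limiter = limiter or SignupLimiter()
    accepted = defaultdict(int)
    for ts, ip in events:
        if limiter.allow(ip, ts):
            accepted[rate_key(ip)] += 1
    return dict(accepted)


# Constructed sample: one address attempting 1400 signups in a day (the post's
# figure), and a second address creating two accounts.
SAMPLE = [(i * 60.0, "203.0.113.7") for i in range(1400)]
SAMPLE += [(100.0, "198.51.100.20"), (5000.0, "198.51.100.20")]
SAMPLE.sort()
```

Many legitimate users can share one address behind NAT, so the cap has to be set with that in mind.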
Make Users Confirm Their Account
Use a phone callback to confirm the account. Sure, it’s annoying, but would you trade that one simple step for a world with a lot less SPAM?


