CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test used to determine if the user is human. CAPTCHAs are used to prevent bots from registering accounts in mass to collect email addresses which can then be used to send spam. An example of this would be a bot that is programmed to register for a Yahoo email address and work with another information gathering system to send spam to the list of emails that they have acquired. The email addresses can also be used to register on websites and post ads in blogs and forums, etc.

There are several methods to circumvent CAPTCHA. Unscrupulous programmers have created very advanced software to automatically translate the CAPTCHA image to text. Some spammers use networks of human operators working for fractional pennies per image to translate the graphic. Some even cut and paste the spam into the comment by hand, doing the CAPTCHA work themselves. These articles explain the issue in more detail:

CAPTCHA - Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/CAPTCHA#Circumvention

 

HowStuffWorks "Breaking a CAPTCHA"

http://computer.howstuffworks.com/captcha4.htm

 

In short, CAPTCHA can be circumvented. It might be possible to further obscure the text to defeat sophisticated Optical Character Recognition. However, the nature of our clients leads to a higher than average level of disabled users. Some of Convio's clients deal exclusively with a disabled constituency with visual and cognitive challenges. Raising the electronic barriers too high will prevent these constituents from contributing. If a human being cannot get by the protection then you might as well have no comment form at all.

While sophisticated spam operations can get through, the CAPTCHA feature does stop less sophisticated and energetic spammers. If you don't have CAPTCHA on your forms then your rate of spam will increase.

You can configure your comment forms to be available only to registered users. This will add a layer of security to the form and make it less convenient to spammers. The best option is to configure your comment forms to be moderated. This puts you in direct control the content visible on your site. The most reliable filter for spam comments is a human being.