A couple of weeks ago, I blogged that some outfit in Russia claimed to have broken Yahoo’s CAPTCHA for creation of new email accounts. Someone posted a reply in the comments with a link to an article that this was unlikely.
Yet, in the past couple of weeks, I have noticed something that would seem to confirm the theory of CAPTCHA’s being broken. I have a Yahoo account, a Gmail account and my own Frontbridge account (I also have a Hotmail account but I check it rarely, and a Microsoft account which I exclude from this analysis). Over the past few weeks I have seen an increasing amount of spam from Yahoo, Gmail and Hotmail. I have also seen a few discussion threads talking about spam being relayed through Yahoo/Google/Hotmail’s outbound servers. In other words, people getting accounts through those services and then sending spam.
If a CAPTCHA really was broken, then this is the type of behavior I would expect to see. On the other hand, there are alternative explanations like systems being infected with malware that logs into people’s pop3 accounts (using keystroke loggers or something) and sends spam out that way.
It will be interesting to see how this plays out. The bottom line is that the outbound spam filtering problem is affecting everyone, not just us.