Status_203 - 10:04 am on Oct 11, 2010 (gmt 0)
The only reason current text based CAPTCHA's aren't routinely cracked automatically is that the graphical ones are still more common.
Once it becomes worthwhile it'll take a ne'erdowell, ooh... hours to crack! We're talking about parsing at about '80s 8bit text adventure level with a limited number of problem domains. Start fixing either of those issues and the number of false positives from real humans will start rising again!
I can think of at least one way of mixing computer and human solutions to break textual captchas that requires no parsing at all and would have nearly 100% correct answers at minimal cost. With minimal cost being defined as less than the 0.1 of a cent per correct solution that is currently required for an entirely human based solution!
All variaties of free communication services are absolutely stuffed. But even they, along with everybody else that takes form submissions, need to look at reducing the value of the service to spammers, not just increasing the cost (which is currently (well, a few years ago, might be cheaper now) capped at the above 0.1 cent per submission noted above for teams of humans.
Avoid making a service useful to spammers at all, if applicable to your web application. But if that can't be avoided then log and check everything - IPs, http headers, language filters, submission speeds etc.