Most of these major email providers are doing what I would call behavioral analysis. They’re looking for signals that indicate spam and then posting a CAPTCHA.
Before I answer your question, I have to say that I’m not surprised in the least that you’re not getting a response. Yahoo is a free email service and they actually have very little (if any) customer support. It’s not something that I would ever expect them to change. Quite literally, you’re getting what you’re paying for in that regard.
As for your question, why do you keep getting a CAPTCHA?
Spam – what is it?
Unfortunately, while what you’ve described is obviously not spam, it actually could be. The assumption that you’re making is that simply replying to a friend would never be spam.
Yet, it is something that spammers indeed do.
When an account gets hacked, the spammer tries to look like you. They try to send out individual mails to the contacts that you have so that the contacts are more likely to actually open them.
One way that they do that is to simply reply to what they find in your inbox.
Spammers are human … or not
Great, the hackers have access to my account. But the hacker’s a human; he’s going to fill out the CAPTCHA. Right?
CAPTCHA is an acronym for “completely automated public Turing test to tell computers and humans apart.” It’s trademarked by Carnegie Mellon University. Technically, a CAPTCHA is any problem or test displayed by a computer that, in theory ...
In other words, once a hacker has control of your account, they probably set up a computer to automatically send all of the spam messages that we see.
And that’s what’s neat about automation. They don’t have to send spam messages to a thousand people on the To line of your email in one swoop. They can take their time and send a thousand individual emails, possibly by replying to the emails that are in your inbox.
What you’ve described as something that shouldn’t require a CAPTCHA… well, it actually could.
What’s really going on behind the scenes is something much more complex than just looking at the number of people on the To line, the contents of the email, or the location of the person that’s sending it.
Most of these major systems are doing what I would call behavioral analysis. They’re not just looking at things like who the messages are going to or what they look like. They’re looking at:
- How many you’ve sent
- Over what period of time
- Other signals that we don’t know (and in fact, we shouldn’t know) that tell the system, “This email is just getting above a certain threshold; we need to throw a CAPTCHA on these messages to make sure that this user is in fact a person.”
You’ll note that I said we can’t and shouldn’t know.
The fact is that whatever the rules are that determine what is and isn’t spam, they should be secret. Why? If they were public, that list of rules would be an instruction manual for the spammers. It would continue to increase the amount of spam and escalate this war on spam.
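As an added illustration (not code from Yahoo or any other provider), here is a minimal sketch of the "how many, over what period of time" part of that behavioral analysis, showing why one-at-a-time replies can still trigger a CAPTCHA. The class and function names, both thresholds, and the sample traffic are assumptions constructed for the example; real rules are secret.

```python
from collections import deque

# Constructed thresholds for illustration only; real providers keep theirs secret.
WINDOWS = [(60, 10), (3600, 60)]  # (window in seconds, max sends allowed in it)


class SendMonitor:
    """Per-account sliding-window counter over send timestamps."""

    def __init__(self, windows=WINDOWS):
        self.windows = sorted(windows)
        self.sent = deque()  # timestamps of recent sends, oldest first

    def needs_captcha(self, now):
        """Record a send at time `now` (seconds) and report whether any
        window's limit is exceeded, i.e. a CAPTCHA should be shown."""
        self.sent.append(now)
        longest = self.windows[-1][0]
        # Forget sends that are older than the longest window.
        while self.sent and self.sent[0] <= now - longest:
            self.sent.popleft()
        for span, limit in self.windows:
            count = sum(1 for t in self.sent if t > now - span)
            if count > limit:
                return True
        return False


def first_challenge(timestamps, windows=WINDOWS):
    """Return the 1-based index of the first send that triggers a CAPTCHA,
    or None if the whole sequence stays under every limit."""
    monitor = SendMonitor(windows)
    for i, t in enumerate(timestamps, start=1):
        if monitor.needs_captcha(t):
            return i
    return None


# Constructed sample traffic (seconds since an arbitrary start).
human = [0, 400, 900, 5000, 9000]         # a few replies spread across hours
burst = [i * 2 for i in range(30)]        # 30 sends, one every 2 seconds
slow_drip = [i * 30 for i in range(200)]  # one reply every 30 s for 100 minutes

if __name__ == "__main__":
    for name, seq in [("human", human), ("burst", burst), ("slow_drip", slow_drip)]:
        print(name, first_challenge(seq))
```

The slow drip never trips the one-minute limit, but the hourly window still catches it, even though every message is a single reply to a single recipient.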
Ultimately, the free email providers in particular have to do something to prevent this kind of abuse by hackers and spammers. The occasional CAPTCHA – or even the frequent CAPTCHA – is the price we pay.
So don’t blame Yahoo. Blame the spammers.