Why do I keep getting a CAPTCHA?

Most of these major email providers are doing what I would call behavioral analysis. They’re looking for signals that indicate spam and then posting a CAPTCHA.

Hi, Leo. I’m really annoyed with those CAPTCHA things that Yahoo sometimes wants me to fill out before my email can be sent. Now, I realize that if I were to send an email addressed to many recipients that Yahoo might assume that I’m spamming, but if I’m just replying to an email from a friend, I really don’t think that this CAPTCHA is called for. I’ve contacted them several times about this, but to no avail.

Before I answer your question, I have to say that I’m not surprised in the least that you’re not getting a response. Yahoo is a free email service and they actually have very little (if any) customer support. It’s not something that I would ever expect them to change. Quite literally, you’re getting what you’re paying for in that regard.

As for your question, why do you keep getting a CAPTCHA?

Spam – what is it?

Unfortunately, while what you’ve described is obviously not spam, it actually could be. The assumption that you’re making is that simply replying to a friend would never be spam.

Yet, it is something that spammers indeed do.

When an account gets hacked, the spammer tries to look like you. They try to send out individual mails to the contacts that you have so that the contacts are more likely to actually open them.

One way that they do that is to simply reply to what they find in your inbox.

Spammers are human … or not

Great, the hackers have access to my account. But the hacker’s a human; he’s going to fill out the CAPTCHA. Right?

CAPTCHA


CAPTCHA is an acronym for “completely automated public Turing test to tell computers and humans apart.” It’s trademarked by Carnegie Mellon University. Technically, a CAPTCHA is any problem or test displayed by a computer that, in theory ...

My belief is that once an account has been hacked, what happens after that is highly automated.

In other words, once a hacker has control of your account, they probably set up a computer to automatically send all of the spam messages that we see.

And that’s what’s neat about automation. They don’t have to send spam messages to a thousand people on the To line of your email in one swoop. They can take their time and send a thousand individual emails, possibly by replying to the emails that are in your inbox.

What you’ve described as not necessarily requiring CAPTCHA… well, it actually could.

Behavioral analysis

What’s really going on behind the scenes is something much more complex than just looking at the number of people on the To line, the contents of the email, or the location of the person that’s sending it.

Most of these major systems are doing what I would call behavioral analysis. They’re not just looking at things like who the messages are going to or what they look like. They’re looking at:

  • How many you’ve sent
  • Over what period of time
  • Other signals that we don’t know (and in fact, we shouldn’t know) that tell the system, “This email is just getting above a certain threshold; we need to throw a CAPTCHA on these messages to make sure that this user is in fact a person.”

You’ll note that I said we can’t and shouldn’t know.

The fact is that whatever the rules are that determine what is and isn’t spam, they should be secret. Why? If they were public, that list of rules would be an instruction manual for the spammers. It would continue to increase the amount of spam and escalate this war on spam.
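The two signals named above (how many, over what period) can be sketched as a sliding-window counter. This is an added example, not any provider's code: the real rules are secret, so the window, limit and threshold are invented, and `extra_signal` is a hypothetical stand-in for the signals we don't know.

```python
from collections import deque
from dataclasses import dataclass, field

# Invented values for illustration only; real providers do not publish theirs.
WINDOW_SECONDS = 3600          # "over what period of time"
MAX_RECIPIENTS_PER_WINDOW = 30 # "how many you've sent"
CHALLENGE_THRESHOLD = 1.0      # score above this triggers a CAPTCHA


@dataclass
class SendMonitor:
    """Tracks one account's outgoing mail inside a sliding time window."""
    sends: deque = field(default_factory=deque)  # (timestamp, recipient_count)

    def score(self, now, recipients, extra_signal=0.0):
        # Drop messages that have aged out of the window.
        while self.sends and now - self.sends[0][0] >= WINDOW_SECONDS:
            self.sends.popleft()
        self.sends.append((now, recipients))
        # Count recipients, not messages: one mail to 50 people and 50
        # single replies put the same load on the counter.
        delivered = sum(count for _, count in self.sends)
        return delivered / MAX_RECIPIENTS_PER_WINDOW + extra_signal

    def needs_captcha(self, now, recipients=1, extra_signal=0.0):
        return self.score(now, recipients, extra_signal) > CHALLENGE_THRESHOLD


def first_challenge(events, extra_signal=0.0):
    """Index of the first message that would get a CAPTCHA, or None."""
    monitor = SendMonitor()
    for index, (timestamp, recipients) in enumerate(events):
        if monitor.needs_captcha(timestamp, recipients, extra_signal):
            return index
    return None


# Constructed sample traffic: (seconds since start, recipients on the message).
NORMAL_USER = [(n * 1800, 1) for n in range(10)]       # one reply every 30 min
BULK_FORWARD = [(0, 50)]                               # one mail to 50 people
AUTOMATED_REPLIES = [(n * 20, 1) for n in range(200)]  # one reply every 20 s

if __name__ == "__main__":
    for name, events in [("normal", NORMAL_USER), ("bulk", BULK_FORWARD),
                         ("automated", AUTOMATED_REPLIES)]:
        print(name, first_challenge(events))
```

With a large enough `extra_signal`, even the low-volume account is challenged, which is how a careful sender can still see a CAPTCHA.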

Ultimately, the free email providers in particular have to do something to prevent this kind of abuse by hackers and spammers. The occasional CAPTCHA – or even the frequent CAPTCHA – is the price we pay.

Ultimately, don’t blame Yahoo. Blame the spammers.

There are 10 comments:

  1. Mark Jacobs

    One case where websites sometimes use CAPTCHAs is if you’ve deleted cookies. Websites sometimes store a cookie to let them know you’ve logged on from that computer before. If you delete that cookie, the website thinks a new computer might be accessing it and checks to see if it is being accessed by a person or a bot.

  2. Tom (Lord Rayne)

    I admit that Yahoo might have thought that I was a Spammer because I used to forward “Funnies” to as many as 50 plus friends and colleagues. I became so tired of the CAPTCHA requirement that I’ve changed to Gmail and that doesn’t seem to put these obstacles in my way. So the advice is change your e-mail provider.

    By the way, can you recommend a good reliable (paid for) e-mail provider, that will give you support and won’t keep updating its “Send” format to the point of bewilderment?

    • Connie Delaney

      Tom,
      The best “paid for” email provider would be to own your own domain through a reputable company. Leo has a great webinar on that here:
      http://ask-leo.com/webinar_11_mastering_your_own_domain.html

      That webinar also includes adding your own WordPress blog to the domain, but you wouldn’t have to do that at all. There are lots of great hosting companies around. My advice would be to not pick the cheapest of the cheap. Better to pay a little more and have good support.

  3. bob price

    I get them all the time and don’t know why. I write to only the same 10 people for years, and only a few times a week. The worst part is I have to refresh the captcha 10-20-30 times to get one I can read. These 73 year old eyes cannot discern many of those bizarre twisted shapes.

    • Mark Jacobs

      Bob,
      Do you clear your cookies or have your browser automatically clear them? As I said, I think that might be the cause of your email provider throwing a CAPTCHA atcha’

  4. Mark Jacobs

    I occasionally see mathematical CAPTCHAs where you have to add or subtract a number and the written-out version of a number, something like ’87 plus ninety six =’. For me and probably a lot of people, that’s so much easier than some of the indecipherable type in the characters CAPTCHAs. Are the mathematical ones that much easier for a bot to decipher?

  5. Karen Grube

    I suddenly am being prompted with a captcha for every mail I send. I have absolutely NO email record that would make them think I’m a spammer. I’ve had my account for years. I’ve cleared cookies and cache. I’ve cleared my spam folder. I can’t even search “captcha” on the Yahoo community mail forum because it says, every time I try to click on a post or message that might give me information, that the post is gone. What is up with Yahoo? I can’t reach anyone by phone. I can’t reach anyone by email. I can’t get any resolution. I am truly frustrated and angry. Oh, and NO my account hasn’t been taken over by a spammer. How do you get out of captcha hell? I don’t want explanations. I want answers and I want this nonsense to stop. Any suggestions?

    • Karen Grube

      To clarify, I PAY for this account. It isn’t a free account.

      • Karen Grube

        And NO, I don’t want a new email address. I’ve had the same one for over 15 years and I don’t feel like changing it.

    • Leo

      Not specifically – I did find this on a Yahoo! forum, which seems to recommend something you already did (clear cache): http://answers.yahoo.com/question/index?qid=20130417083908AA63dGT – but it also links to some further troubleshooting.

      It would be very worthwhile to try another browser. If that works … well, it works. But if that fails it tells you it’s an issue with Yahoo! or something related to your account (or – grasping at straws here – your IP address).
