Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why do I keep getting a CAPTCHA?

Question: Hi, Leo. I’m really annoyed with those CAPTCHA things that Yahoo sometimes wants me to fill out before my email can be sent. Now, I realize that if I were to send an email addressed to many recipients that Yahoo might assume that I’m spamming, but if I’m just replying to an email from a friend, I really don’t think that this CAPTCHA is called for. I’ve contacted them several times about this, but to no avail.

Before I answer your question, I have to say that I’m not surprised in the least that you’re not getting a response. Yahoo is a free email service and they actually have very little (if any) customer support. It’s not something that I would ever expect them to change. Quite literally, you’re getting what you’re paying for in that regard.

As for your question, why do you keep getting a CAPTCHA?

Become a Patron of Ask Leo! and go ad-free!

Spam – what is it?

Unfortunately, while what you’ve described is obviously not spam, it actually could be. The assumption that you’re making is that simply replying to a friend would never be spam.

Yet, it is something that spammers indeed do.

When an account gets hacked, the spammer tries to look like you. They try to send out individual mails to the contacts that you have so that the contacts are more likely to actually open them.

One way that they do that is to simply reply to what they find in your inbox.

Spammers are human … or not

Great, the hackers have access to my account. But the hacker’s a human; he’s going to fill out the CAPTCHA. Right?

My belief is that once an account has been hacked, what happens after that is highly automated.

In other words, once a hacker has control of your account, they probably set up a computer to automatically send all of the spam messages that we see.

And that’s what’s neat about automation. They don’t have to send spam messages to a thousand people on the To line of your email in one swoop. They can take their time and send a thousand individual emails, possibly by replying to the emails that are in your inbox.

What you’ve described as not necessarily requiring CAPTCHA… well, it actually could.

No SPAM!Behavioral analysis

What’s really going on behind the scenes is something much more complex than just looking at the number of people on the To line, the contents of the email, or the location of the person that’s sending it.

Most of these major systems are doing what I would call behavioral analysis. They’re not just looking at things like who the messages are going to or what they look like. They’re looking at:

  • How many you’ve sent
  • Over what period of time
  • Other signals that we don’t know (and in fact, we shouldn’t know) that tell the system, “This email is just getting above a certain threshold; we need to throw a CAPTCHA on these messages to make sure that this user is in fact a person.”

You’ll note that I said we can’t and shouldn’t know.

The fact is that whatever the rules are that determine what is and isn’t spam, they should be secret. Why? If they were public, that list of rules would be an instruction manual for the spammers. It would continue to increase the amount of spam and escalate this war on spam.

Ultimately, the free email providers in particular have to do something to prevent this kind of abuse by hackers and spammers. The occasional CAPTCHA – or even the frequent CAPTCHA – is the price we pay.

Ultimately, don’t blame Yahoo. Blame the spammers.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

11 comments on “Why do I keep getting a CAPTCHA?”

  1. One case where websites sometimes use CAPTCHAs is if you’ve deleted cookies. Websites sometimes store a cookie to let them know you’ve logged on from that computer before. If you delete that cookie, the website thinks a new computer might be accessing it and checks to see if it is being accessed by a person or a bot.

    Reply
  2. I admit that Yahoo might have thought that I was a Spammer because I used to forward “Funnies” to as many as 50 plus friends and colleagues. I became so tired of the CAPTCHA requirement that I’ve changed to Gmail and that doesn’t seem to put these obstacles in my way. So the advice is change your e-mail provider.

    By the way, can you recommend a good reliable (paid for) e-mail provider, that will give you support and won’t keep updating its “Send” format to the point of bewilderment?

    Reply
    • Tom,
      The best “paid for” email provider would be to own your own domain through a reputable company. Leo has a great webinar on that here:
      http://ask-leo.com/webinar_11_mastering_your_own_domain.html

      That webinar also includes adding your own WordPress blog to the domain, but you wouldn’t have to do that at all. There are lots of great hosting companies around. My advice would be to not pick the cheapest of the cheap. Better to pay a little more and have good support.

      Reply
  3. I get them all the time and don’t know why. I write to only the same 10 people for years, and only a few times a week. The worst part is i have to refresh the captcha 10-20-30 times to get on I can read. These 73 year old eyes cannot discern many of those bizarre twisted shapes.

    Reply
    • Bob,
      Do you clear your cookies or have your browser automatically clear them? As I said, I think that might be the cause of your email provider throwing a CAPTCHA atcha’

      Reply
  4. I occasionally see mathematical CAPTCHAs where you have to add or subtract a number and the written our version of a number, something like ’87 plus ninety six =’. For me and probably a lot of people, that’s so much easier than some of the indecipherable type in the characters CAPTCHAs. Are the mathematical ones that much easier for a bot to decipher?

    Reply
  5. I suddenly am being prompted with a captcha for every mail I send. I have absolutely NO email record that would make them think I’m a spammer. I’ve had my account for years. I’ve cleared cookies and cache. I’ve cleared my spam folder. I can’t even search “captcha” on the Yahoo community mail forum because it says, every time I try to click on a post or message that might give me information, that the post is gone. What is up with Yahoo? I can’t reach anyone by phone. I can’t reach anyone by email. I can’t get any resolution. I am truly frustrated and angry. Oh, and NO my account hasn’t been taken over by a spammer. How do you get out of captcha hell? I don’t want explanations. I want answers and I want this nonsense to stop. Any suggestions?

    Reply
  6. And the good news is that it seems like CAPTCHA now places a cookie so that you don’t have to go through the hoops very often as they already know you’re not a bot so all you have to do is occasionally tick the I am not a robot dialogue. It seems like they could even bypass that if they choose if that cookie indicates you’ve passed the CAPTCHA test.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.