Posted March 14, 2008 1:30 am by with 19 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Some spammers are claiming to have cracked Gmail’s captchas–the mix of letters and numbers that only humans are supposed to recognize. If true, email spammers could create thousands of Gmail accounts and use them to send those annoying Viagra and “enlargement” offers.

Not so fast, says Google!

Brad Taylor, a Google software engineer known informally as the company’s spam czar, says that internal evidence shows that the rise in spam originating from Gmail accounts stems not from captcha-busting programs. Instead, he said, spammers are using the old-fashioned “mechanical turk” trick—an operation where low-paid laborers in third-world countries are enlisted to solve the puzzles, one by one.

“You can see it is clearly done by humans,” Mr. Taylor said. “There are patterns in the rate we find bogus accounts, like at night time and when people get off work,” in certain parts of the world.

I’m leaning towards believing Taylor on this one. I have a hard enough time getting captcha letters correct, so I doubt spammers have created software that does any better.

More likely, spammers are provide free porn, in exchange for humans helping them crack the captchas.

  • PS3

    I have to admit that I struggle with Captcha full stop. I agree with the concept but it is so fiddly.

    My aged mother (bless her) has a Google account and has given out her mail address to just half a dozen people, yet gets 150 unwanted mails a day.

    I’ve told her just to get a new address but I think she quite likes some of the content if the truth be known !

  • Zen

    From my personal experience, I started receiving spam when I signed up for those sites like and similar. It was notorious: as soon as I gave them my mail, the spamming commenced. I didn’t get a single spam mail before that. Goes to show… even the legit looking ones sell your mail accounts.

  • Yes, I can get some spam emails from gmail. something like:
    Want to shave a few pounds?
    You must know this secret!
    Look attached details or visit out site (LINK IS IN ATTACHED DETAILS)
    also a zip file attached, the file is html file.

  • Don’t mean to disappoint you but the other week there was a newly developed gmail mass address creator circulating in some blackhat circles that does actually bypass the captcha.

  • I get some spam emails from gmail, too. How can i can stop this?

  • Wow, I’d be impressed if someone actually hacked anything Google does. Though, I don’t really know how long the hack would last.

  • @ Marcy

    From Gmail or into your Gmail?

  • @SEO guy – any proof that it worked? Without any human input at all??

  • Having worked in image processing in a previous lifetime, I don’t find it unbelievable that several types of captchas have been cracked. If software can spot a tank in the woods from a satellite picture, then figuring out some letters that have been twisted around a bit shouldn’t be so hard. It’s not something the script kiddies are going to figure out, but it’s easier than what the russian computer science PhDs used to be working on.

  • This is a hell of a coincidence because as of the last week and a half I have received quit a number of viagra sals pitches, and when i say quite a number i mean 8 to 10 a day to my junk folder.Prior to last week nil…zero…nothing and when i block them 99% are gmail accounts.

  • Frank

    Interesting that one of the competitive message security providers of Google’s Postini services, couldn’t help themselves in suggesting this may have happened.

  • Andy Beal

    Yep, it is fully automated. I personally know two guys who now use it for all sorts of sneaky spam. I did not test it myself however. I’m allergic to spam. Besides, it costs over $400.

  • jen

    I dont think gmail’s captcha is any better than anyone elses and there are programs that can read them.
    spam away….haha…jk

  • In the meantime Google has slightly changed its CAPTCHA.

  • Until recently, I don’t remember getting much Gmail spam. Lately, though, it seems like about a fourth of the spam letters I get are coming from Gmail addresses. I even got one last week that said it was a death threat from a hitman hired to kill me unless I give him $12,000. Easily the funniest spam I’ve seen in a while.

  • Piper,

    Well, be careful just in case he he

  • spammers are provide free porn, isn`t it nice?

  • Providing porn in the form of a woman progressively undressing with each captcha answer is something the spammers are doing, or so I too read somewhere a few months back. Its brilliant on the part of the spammers if they have indeed gotten a code to do it.

  • Sue

    Very interesting. I didn t know that bevor. I think google need need more security programs