After doing great usage with CAPTCHA in my site (when adding comments - if you didn't try it I am inviting you to give it a try and add some comments after reading this post...), I decided to give some words about it...

Some definitions...
a CAPTCHA is a type of challenge-response test used in computing to determine whether the user is human, aka "Completely Automated Public Turing test to tell Computers and Humans Apart". A CAPTCHA involves one computer (a server) which asks a user to complete a test. While the computer is able to generate and grade the test, it is not able to solve the test on its own. Because computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human.

There are several approaches to this CAPTCHA mechanism, that comes to supply the same idea of effect (to differ a human user from a computer user of course), like:
- Carnegie Mellon's PIX CAPTCHA, which the user here sees few images and need to differ which one is exceptional.
- Oli Warner's KittenAuth, the user here needs to select all animals of specific speices in the proposed images.
- Microsoft's Asirra, quite similar to KittenAuth, but works under larger amount of images.

Some issues that are important in order of using CAPTCHA in your web site:

• You must dock the CAPTCHA image/s in a non dominant place in your web site - think about it, the CAPTCHA mechanism is comes to help you to avoid bots, not to take a central place in your site.
• The CAPTCHA image/s supposed to has as much as small weight (something like between 4 to 8 kb), the site should not be affected from the CAPTCHA image/s creation. I'd rather creating the CAPTCHA image/s using HttpHandler that display the image/s from an outside mechanism.
• The area of the image/s should be appropriate to the site isuue. Images of cats should not be appropriate to a government site for example, therefore select the image/s properly.
• Store the CAPTCHA in a safe place and name them in appropriate names in order to use it properly.

OK, what about some implementation? There are a lot of ways to implements this algorithm, which is not so complex. You can find a lot of written open source small application that implements this CAPTCHA mechanism.

In the web application that I am working on at work, we saves all distorted images in a DB (and its images' values of course) and grabs it randomally on each request of the specific page that holds the CAPTCHA. The distorted image is shown to the user and its value is stored in the page viewstate (which is also encripted of course).
After that user enters her input, that value is being validated against the distorted image's value and if it's correct, moves on...

Do you have more suggestions of CAPTCHA implemetations?