Google Captchas in the registration form

Why does mailbox use Google Captchas in the registration form?

We face the problem that a spammer is using botnets to create hundreds of thousands of fake accounts for sending spam through our service. While we may take this as a compliment to our infrastructure, we had to and wanted to immediately stop this abuse and come up with solutions. We tested various captcha systems, but these were cracked and bypassed by the spammer quite frequently after only a short time.

We currently have on our agenda to develop our own captcha system, which — after analyzing the previous attacks — we expect would hold up very well, precisely because it would be individual and would not follow any of the known patterns. However, this would cost a significant number of person-days from our developers, who already have plenty to do and who in that time would not be able to implement other features for our users and mailbox. And our list of ideas for meaningful features is long and substantial.

For this reason, we decided to continue using Google Captchas temporarily, because they actually work reasonably well (credit where credit is due — this can be acknowledged). In the long term, we definitely want to change this, no question. But at the moment we see more advantages in letting our people work on smart new features.

Important: The captchas are not used in every case, but only once in the registration form. After that, never again. In our opinion, this may not be ideal, but it is acceptable.