I was going to title this post "CAPTCHA and BlogEngine.NET" but that's so academic. Then I considered simply "Spam and BlogEngine.NET," but that would have by omission suggested that I've been dealing with spam since I migrated from Community Server to BE.NET. I didn't want that to happen, because I haven't. No spam - nadda, nope, nothin.
I'm a self-celebrated Cookoo-for-CAPTCHA aficionado, so I figured coming up with a CAPTCHA control would be on my pre-flight BlogEngine.NET Go Live to-do list. Then I discovered that BE.NET implements "Invisible CAPTCHA," which in my opinion is the best of all possible worlds. If you consider the energies and processes involved in fighting spam after it gets through the front door, why not simply lock the door with CAPTCHA instead? And "invisible" is just that, no key sequence to burden the visitor. You can read about Invisible CAPTCHA in Mads Kristensen's Code Samples.
To be honest, my "Nadda, nope, nothin" should have an asterisk attached to it, and here it is. I was getting hit with Spam through my Contact Form within 30 minutes of putting the site online. That didn't last long though, because a quick look at contact.aspx.cs revealed that it didn't do an if (!IsCaptchaValid) validation on btnSend_Click(). After patching that I haven't had a bit of spam.
Whenever I talk about CAPTCHA I have to mention the wise words of my good friend, The Wizard, who says about CAPTCHA, "Set it and forget it!"