by adding some spam filters to my site i've successfully taken out about 20 spam mails a day that were directed at one of my sites. I dont use any image verification as i prefer to get the most customers possible. http://forums.digitalpoint.com/showthread.php?t=140505 this thread shows some details on how I and others have stopped most of the spam. since i added the spam filters not one message has gotten past the filters. we'll see if that lasts, they have only been up and running for about one week now.
Image verification is mostly used to make sure that the user is a human and not a script. For example to prevent bruteforce attacks that try to find valid username and password combos by using all sorts of combinations.
As mentioned, it's a method of trying to prevent spam/abuse and/or bots. The images are called CAPTCHAs and there are many methods of generating them. The biggest problem is the usability and accessibility for visually impared users and users of text browsers. Personally, I use a CAPTCHA as a last-ditch effort. My blog checks a bunch of things (how long the person has browsed the page, if they have javascript enabled, what's their ip, etc.) and if they are in the neutral zone (i.e. not sure whether it's a human or a bot), it presents a CAPTCHA. Filling it out generally gives enough bonus points to get the post put up right away. Not filling it out means the post goes into a review queue, so visually impared users can still post, they just don't see their comment appearing right away.
your really going through a lot of steps! Currently i just have my system crawling the text within the form for spam heavy words. So far its worked fine, after this i'm going to implement a test to make sure the user is actually on the page when they can submit the form. Details about that are in the thread i provided before.
Sorry that I haven't had a chance to reply until now. CAPTCHAs are generally served with PHP's GD library (though ASP and other methods are used). If your site is using open source software, there is probably a captcha plugin or module available. If it's a from-scratch site, there are open source packages out there. You may find it interesting to play with PHP's GD library and create your own. Here are some quick links from Google that may or may not be helpful: http://www.ejeliot.com/pages/2 http://codewalkers.com/tutorials/95/1.html http://www.matthewleverton.com/howto/phpBB2-captcha.html Many plugins for CMS's like WordPress can also be modified (check the license for sure) to be used on any site relatively easily.