
Avoiding SPIT

Brian McConnell made an excellent point in his Defeating SPIT With A Simple Captcha Script post last week on the outstanding O'Reilly Emerging Telephony blog. Here's a snippet:

There is, however, a simple solution that allows VoIP network providers to strike a reasonable compromise between openness (e.g. the ability for anybody to dial user@voipprovider.com, just as they might send an email via SMTP), and reasonable security measures to thwart automatic dialing.

One simple trick that providers can implement is to force callers to respond to a voice prompt like “To complete this call, dial 1 (random noise) 2 (random noise) 5 (random noise).” The goal is to exploit the limitations of automated speech recognition so that a bot cannot get past this IVR challenge question. The IVR will always play a slightly different sentence, so it’s not obvious where the spoken digits begin, and then will intermix the spoken digits with background noises that will confuse a computer. Same basic idea as prompting a user to transcribe distorted text.

While Captcha techniques have been widely deployed in the blog environment to control comment spam, they're often viewed by users as a pain in the neck. That's at least in part because when we're commenting on blogs we're at a keyboard. Reading the graphic image may pose a problem for those of us in the "bifocal years," but we're also prompted to key in a very non-intuitive "word" to pass the security mechanism. In a voice system, as Brian notes, a simple prompt to dial a digit, even a short string of digits, is far less intrusive. Brian's offered up an effective counter to the problem of SPIT, which remains a threat but hasn't yet proven to be a problematic reality. Great idea!
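A sketch of the server side of the challenge Brian describes, added here as an example and not code from his post: it picks fresh digits per call, builds the play order with a varied lead-in and noise between digits, and checks the caller's keypad input. The clip names, the three-digit length, the 30-second expiry and the two-attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Hypothetical clip names; a real IVR would map these to recorded audio files.
LEAD_INS = ["lead-in-a", "lead-in-b", "lead-in-c", "lead-in-d"]
NOISES = ["noise-cafe", "noise-street", "noise-static", "noise-crowd"]


class Challenge:
    """One per inbound call: random digits, time-limited, attempt-limited, single-use."""

    def __init__(self, n_digits=3, ttl=30, max_attempts=2, now=time.monotonic):
        self._now = now  # injectable clock so expiry can be tested
        # secrets, not random: the digits must not be predictable to a dialer bot
        self.digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
        self.expires = now() + ttl
        self.attempts_left = max_attempts
        self.passed = False

    def playlist(self):
        """Clips in play order: a varied lead-in, then each digit followed by noise."""
        clips = [secrets.choice(LEAD_INS)]
        for d in self.digits:
            clips.append(f"digit-{d}")
            clips.append(secrets.choice(NOISES))
        return clips

    def verify(self, dtmf):
        """Return True only for the first correct entry made in time."""
        if self.passed or self.attempts_left <= 0 or self._now() > self.expires:
            return False
        self.attempts_left -= 1
        ok = hmac.compare_digest(dtmf.encode(), self.digits.encode())
        if ok:
            self.passed = True
            self.attempts_left = 0  # a passed challenge cannot be replayed
        return ok


if __name__ == "__main__":
    c = Challenge()
    print("play:", c.playlist())
    print("caller keys the digits ->", c.verify(c.digits))
```

A call that fails `verify` twice, or lets the timer run out, is dropped or sent to voicemail rather than rung through.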


Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net
