One study by Stanford University (link opens as PDF) found 3 human users agreed on the "translation" of the CAPTCHA only 71% of the time. Overall success rates were ~85% on average.
To add to the pain, they are not foolproof. Spammers can crack CAPTCHAs with Optical Character Recognition (OCR) software, and there are humans overseas that will fill in CAPTCHA forms for a dollar or two per thousand CAPTCHAs. (No joke).
While CAPTCHAs aren't ubiquitous on retail ecommerce sites, they abound on subscription content sites, forums, social networks and blogs. They ensure only humans can create accounts or perform certain actions within accounts (such as post a link through Facebook), leave a comment or download content.
If you have or are considering a CAPTCHA to keep spam out, but want to minimize user friction, there are at least 5 workarounds for those crazy spaghetti-strung gobbledeegook spam traps (and often, human traps).
1. The Honeypot Trap
Bots malicious find open fields delicious, so set up a "honeypot" field with hidden CSS that is invisible to users. You can set your validation to fail when there's anything entered into the honeypot field.
This method completely removes the friction of the CAPTCHA method -- unless the user has CSS disabled, or uses a browser that auto-fills common fields. The latter may be a high percentage, so consider using a field that is rarely asked for by other sites, such as time zone, but something bots might recognize.
2. Skill Testing Question
A simple math question is often easier to complete than de-coding a set of words that look like they've been scribbled by a 3 year old with chubby chalk, which reduces friction without eliminating it entirely:
Image credit: 13things.net
OK, the above might prove you're superhuman, or fresh out of college. It's fun to inject a little humor into the painful process of proving your humanity. How about this:
3. Simple Task
Ubokia gamifies the prove-your-human process, using a creative drag-this-icon-here method.
A Flickr user proposes a tic-tac-toe game, where the human plays the winning move for X.
A company that offers these kind of games is AreYouAHuman.com.
4. 3rd Party Authentication
If your CAPTCHA is used for a membership / registration, offering Facebook Connect as an authentication option, for example, eliminates the need for the CAPTCHA, and pre-fills form fields with information from the user's profile to boot. This option is becoming more and more common, especially with membership sites.
Because not everyone uses a social network or wants to sign up with one, this approach doesn't replace your CAPTCHA, but reduces friction significantly for a good chunk of your users.
5. Solve Media
Solve Media is a company that developed a CAPTCHA/display ad hybrid that requires the user to answer a simple question about another company's ad on your site. Advertisers pay for the appearance, and at least in theory, should receive higher recall as the user is forced to pay attention to the ad.
Several major publishers have signed on for trials of the Solve solution, including Hearst Magazines and TV Guide. Publishers share 50% of ad revenue with Solve, making it a CAPTCHA workaround you can monetize.
6. Do Nothing
Hey, "do nothing" is always an alternative. I've seen many ecommerce sites drop the CAPTCHA or only show them selectively (for example, when an IP address is suspicious). For example, Netflix once used CAPTCHA and doesn't appear to any longer.
If you truly believe your site needs a CAPTCHA, it's worth A/B testing to see if it's killing your conversion rates. Measure both conversion lift and impact on number of "spam conversions" with and without the CAPTCHA. You may also consider testing any of the above workarounds.