If you've noticed an increase in the amount of spam you've been getting lately, it's probably because the captchas for both Gmail and Yahoo mail have been broken recently.
Ye gods, how hard can it be to solve this problem? I gave it five minutes of thought just now and came up with an utterly trivial solution that will completely stop free email accounts from being used for spam:
1. Whenever a message is sent to a recipient that has never received a message from that account before, modify the message to include a link at the top that the recipient can click on if the message is spam.
2. Limit the number of new recipients that can receive email from that account to a few dozen a day.
3. If the number of spam reports from that account exceeds a certain threshold, shut the account down.
4. Require a valid credit card number to set up a new account. Even better, charge $1 for a new account.
Point 4 is going to be somewhat controversial because the email providers will argue that if they do this then people will just use someone else's service. But this is not true. If only the Big 3 (GMail, Yahoo and Hotmail) instituted this policy that would be enough to force everyone else to follow suit. The reason is that spammers would abandon the Big 3 and start using smaller free email providers. Once people realized that a particular provider was laden with spam they would just start filtering out all messages from that provider. Once people with legitimate accounts realize that their messages are being spam filtered they will either pressure their provider to adopt the "credit card captcha" for new accounts, or they will switch to a provider that already uses it.
This would not just make a dent in spam from free email accounts, it would *completely* eliminate it because it would make it unprofitable. A single account could not be used to send out more than a couple of hundred spams before it would be shut down, and creating a new account would be too expensive to make spamming profitable. So the spammers wouldn't even try.
Note that this would not eliminate spam altogether, because spam could still be sent from botnets. But that kind of spam is pretty easy to filter.
Can anyone come up with a reason why this wouldn't work?