I meant to reply to the post, not the author, but what I basically
said was:
Calling this a security feature is probably a bad idea then. Users may
get the impression this is in fact somehow more secure than other
CAPTCHA implementations. The referrer can be forged, and this still
wouldn't stop someone from hosting your key on their site. Not only
that, but the attacker can still just load your form, download the
image, crack it with an algorithm or post it on their website and then
submit the solution to your form, not the reCAPTCHA servers, in which
case, the referrer wouldn't even have to be forged.
Any attacker sophisticated enough to use these methods to try and
circumvent your CAPTCHA will probably not find these other measures
very challenging to overcome.
> reCAPTCHA: stop spam, read bookshttp://recaptcha.net- Hide quoted text -
>
> - Show quoted text -