Actually, captchas are overkill for challenge/response. Better is just a simple human question like the one I use here -- as long as the question is made up by each person, and there are no patterns. Spammers could start maintaining databases but I doubt it's worth it for them. I know spammers have taken the challenge of captchas up when it comes to automating creation of webmail accounts and so on, which have long term value for them. Are there reports of them doing it for single mail challenges? Hardly seems worth it.

Right now the normal spammer philosophy is that if you fail to get a mail through it's cheaper to just go on to the next one. Once anti-spammers get good enough to make this no longer viable the spammers will find it useful to defeat turing tests etc.

My hope is that the spamemrs won't drive us into an Orwellian world where you can't do anything on the net without providing your ID. "Digital papers, please!"