Johannes Rohr via Mailman-users writes:
Last time I tried, [captchas worked well], but maybe that was before AI became ubiquitous.
What we saw was that 2005-level machine learning technology was producing character recognition good enough to beat the distorted character CAPTCHAs in a small number of tries. This was readily available to the most persistent spammers, so CAPTCHAs were not very successful at reducing such attacks to tolerable levels.
Is there another approach that you would recommend?
Not my expertise, unfortunately. I would talk to people who work on these problems. At a hunch, maybe the Django people, especially the ones who work on allauth would have ideas. Also you could look for captcha projects (especially on PyPI, where you would find the most easily integrated products) and talk to their developers.
Since you seem quite concerned, it wouldn't hurt to try it. It's not hard, and the instructions for the django-simple-captcha package seem straightforward. It can be installed from PyPI using pip. That would pull in all the Python dependencies. You might need to install imaging libraries in the OS, although I think they're usually available.
The patch referenced earlier would probably show which files to edit, and where, to add the captchas to the right forms. Even if you don't program Python yourself, anybody with a little experience should be able to do it. Just make sure you make backups of any file you change, and a list of them, so you can revert easily.
-- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan