It's a kind of reverse Turing test. In order to verify that a request is from a human being, and not from a spambot, the software presents a challenge which a human is likely to successfully answer, and which is likely to confuse a spambot.
The Drupal CAPTCHA module is pretty simple to install and is much better than previous CAPTCHA choices for Drupal. The original CAPTCHA module was very inflexible, though effective. It has undergone a period of redesign to make a very nice and flexible system. During the interim period a solution named MyCaptcha was made available, and which I disrecommend in favor of the new and improved CAPTCHA.
Installation
Unpack the module in your modules directory. In the modules admin page, enable the Captcha module and any other Captcha modules which show up. The base Captcha distribution comes with a couple included Captcha types.
You may want to also install the Captcha Pack or the reCAPTCHA system. You can also unpack these modules and enable them at this time.
Configuring the basic Captcha system
You will find CAPTCHA in the 'User Management' section of the admin page.
The new and improved CAPTCHA system supports multiple captcha types. The stereotypical Captcha type is an image into which some text is rendered. An image containing text cannot be easily read by a computer, because it means capability for optical character recognition. To make an OCR attack harder Captcha software usually mutates the text. But the harder you make it for computers to use OCR to read the text from the image, the harder you make it on your humans to do likewise.
The Drupal CAPTCHA system offers more types than image captcha's.
Out of the box it supports math captcha's where the user is asked to perform a simple math operation, and image captcha's.
You select for each 'form' what (if any) captcha to use for that form. 'Form'? What this issue boils down to is, at any point Drupal asks for input from a human, do we or do we not want to at the same time verify that the input was given by a human? Input into a web application is through a 'form', and therefore it's necessary to consider adding humanity-verification to each form in the system.
In the image captcha type there is some further configuration to perform. Image captcha's involve drawing text, and to draw text one must have a font to draw. But getting a font is non-trivial because few (or none) are open source in the way required by the Drupal community. However Yahoogle is your friend, and searching for "free truetype fonts" turns up several websites with freely downloadable fonts to use. Simply download one or more of them into
captcha/image_captcha/fonts/
and the Image Captcha module will immediately recognize them.
In the image captcha settings you have several options controlling how badly the text is skewed and mangled. Again, there is a tradeoff between making it hard on the computer and making it hard on the human. There is software out there that can read image captcha's and fool the captcha system. The things which (I think) will make it hard(er) for this software is to use an unexpected font, and to add noise and distortion. But some of the 'weird' fonts which would make it hard on a computer to decode, also make it hard for the human to decode. Fortunately the module provides lots of settings to tweak to your desire.
Configuring the Captcha Pack
The captcha types are shown as links on the Captcha settings page.
The Captcha Pack offers several additional captcha types. Some involve a lot of configuration, and they are all highly interesting.
The one I like right now is the ASCII Art Captcha. It's similar to the Image Captcha in that text is drawn, but instead of rendering in an image it is written in large block letters. ASCII Art is an old art style from the early days of the Internet. Essentially text characters can be used in other ways than to write words and paragraphs, they can be used as elements of a drawing. The ASCII Art Captcha draws big letters by stringing together text characters in a way to form the picture.
Configuring reCAPTCHA
I haven't done this.. but the attached video goes into it.