SPAM sucks for everyone and fighting against it is a losing battle, yet we web developers have to do our best to limit it the best we can. I’m facing a number of situations where I have to choose between offering the user a CAPTCHA or a challenge-response e-mail (e-mail them a link to click).
Some situations are obvious choices (resetting a password is a definite e-mail, non-logged in situations are obvious CAPTCHAs), but others are more in the grey area.
So I ask you:
Which is More Annoying? A CAPTCHA or a Challenge Response E-mail?
I eagerly await your painstakingly crafted responses in the comments.