Today I've received a segnalation from Bill McCarthy... he has tryed to post a feedback on my Blog via its aggregator (Sauce Reader) and surprisingly he bypassed the CAPTCHA control...
The problem I've quickly observed is that aggregators like Sauce Readers, after a blog subscribtion, permits to users to send feedbacks to comments by using the webservice interface exposed by the Blog engine (the same interface used to allow readers to read comments from a blog). A consequence of this is obvious... the CAPTCHA filter is bypassed. 
And now? I think that Human Interactive Proof is a good filter for common spam problems on our blogs, but after this discover I'm really happy to have used also a SQL filter on my Blog... if someone posts what I'm thinking to be targeted as Spam also via aggregators, a SQL filter will erase the feedback in real time... 