Facebook has built a number of automated systems to detect spam and potential spam and block those responsible. When we find a URL that we know is spam, we add it to a blacklist and prevent it from being sent or posted. Spammers are smart, though, and they often manipulate their URLs in an attempt to get around these controls. As a result, we’ve also created a “greylist” for URLs that might be spam, but might also be legitimate. When users try to send or post these, we put up a captcha for them to solve. Spammers typically use scripts and machines to do their dirty work, so these captchas, which can only be solved by humans, help stop them in their tracks.