Weblog entry #57 for Steve
Unless you are my partner, my family, or my boss I utterly refuse to "click here to confirm your email address".
Challenge / Response anti-spam software sucks. Yes I'm talking about you www.spamarrest.com!
I've half a mind to mailbomb somebody every single time I encounter it.
Comments on this Entry
[ Send Message | View todsah's Scratchpad ]
What exactly are your objections against a challenge/response system?
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Here is just one list of objections.
I can see that they are very seductive and appealing to the user who implements them - but they almost always have something wrong with them when it comes to mailing lists, sending messages to the wrong person, etc.
Google has more lists and critiques, and they are mostly phrased better than I could manage.
I've nothing against whitelisting on your side, but the automatic bounced messages with links to click on? Bad.
[ Parent | Reply to this comment ]
I experimented with C/R once, but I have to agree with its opponents: it is very good at stopping spam, but you'd be surprised how many people won't respond to the challenge. And you have to make exceptions for automated systems. Fiddly and messy.
The primary objection is it sends email (perhaps not a lot) to people who didn't ask for it, and who didn't send you any, because their address was forged. Chances are they are going to be deluged, and it isn't nice to contribute to this unnecessarily. (C/R also makes email more complex to use - this is perhaps arguably worse than the spurious challenges.)
The way to avoid this is to kill unwanted email during the SMTP transaction, as most blacklisting systems, and greylisting do, and as other spam filters can (if implemented at the appropriate point in the system).
The earlier you kill email in the SMTP process, the less resource is expended on it as well. Some of the big email sites recommend queuing and then post-processing, as this allows handling higher peaks of email throughput, but for most organisations (up to 10,000s of mailboxes) this simply isn't required with modern hardware.
Filtering spam after you've completed the SMTP transaction is bordering on the foolish if you ask me; you have no good choice of what to do with the suspected spam.
a) emailing the purported sender is abusive because it is probably faked.
b) sending it to its destination doesn't save anything.
c) leaving it in a spam folder (or deleting it) just means any false positives will be lost to the world.
C/R is just a variation of (a).
Obviously the smart email admin will try and avoid this situation arising in the first place.
[ Parent | Reply to this comment ]
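The SMTP-time handling the last comment describes, sketched for greylisting as an added example (not code from the weblog or its commenters): the verdict is an SMTP reply code returned to the connecting client at RCPT TO, so nothing is ever mailed to a possibly forged envelope sender. The class name, delay values, reply texts and addresses are assumptions constructed for the illustration.

```python
import time

# Assumed policy values for this sketch; real deployments tune them.
MIN_DELAY = 300            # seconds a new triplet must wait before a retry is accepted
MAX_AGE = 36 * 24 * 3600   # forget triplets that have not been seen for this long


class Greylist:
    """Greylisting decision made during the SMTP transaction (at RCPT TO)."""

    def __init__(self, whitelist=()):
        self.seen = {}                    # triplet -> (first_seen, last_seen)
        self.whitelist = set(whitelist)   # client IPs exempted, e.g. known automated senders

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return (smtp_code, text) to send back on the still-open connection."""
        now = time.time() if now is None else now
        if client_ip in self.whitelist:
            return 250, "OK (whitelisted client)"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > MAX_AGE:
            # First contact (or stale record): temporary failure, no mail generated.
            self.seen[key] = (now, now)
            return 450, "4.7.1 Greylisted, try again later"
        first_seen = entry[0]
        self.seen[key] = (first_seen, now)
        if now - first_seen < MIN_DELAY:
            return 450, "4.7.1 Greylisted, try again later"
        return 250, "OK"


def replay(greylist, events):
    """Feed (time, client_ip, mail_from, rcpt_to) events through the policy."""
    return [greylist.check(ip, s, r, now=t)[0] for t, ip, s, r in events]


# Constructed sample traffic (documentation IP ranges and example domains).
SAMPLE = [
    (0,   "192.0.2.10",   "forged@example.net", "steve@example.org"),  # never retries
    (10,  "198.51.100.7", "alice@example.com",  "steve@example.org"),  # real MTA
    (200, "198.51.100.7", "alice@example.com",  "steve@example.org"),  # retry too soon
    (900, "198.51.100.7", "alice@example.com",  "steve@example.org"),  # retry after delay
    (950, "198.51.100.7", "alice@example.com",  "steve@example.org"),  # now a known triplet
]

if __name__ == "__main__":
    print(replay(Greylist(), SAMPLE))
```

A sender that never retries only ever sees the 450 on its own connection, and the address it forged receives nothing from the filtering side.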