If you do that, then you're only going to get the user to solve a few CAPTCHAs per pwned computer per day (maybe 20 or so if you make it really mean). If that's all you want, this hashcash implementation won't be an obstacle either, but that's a far cry from a million spams a second.