diff --git a/TODO.md b/TODO.md index 13049425..4321afd2 100644 --- a/TODO.md +++ b/TODO.md @@ -1,5 +1,6 @@ # To-do +* rate limiting to prevent abuse - especially on POST requests * consider removing `events` and `worldmap` modules * ask Denver about why so many license files diff --git a/conservancy/fossy/forms.py b/conservancy/fossy/forms.py index 8ef38f22..f64ac7f2 100644 --- a/conservancy/fossy/forms.py +++ b/conservancy/fossy/forms.py @@ -1,9 +1,12 @@ +from captcha.fields import CaptchaField from django import forms from .models import CommunityTrackProposal class CommunityTrackProposalForm(forms.ModelForm): + captcha = CaptchaField() + class Meta: model = CommunityTrackProposal exclude = [] diff --git a/conservancy/settings/base.py b/conservancy/settings/base.py index 0ed97181..09169a0c 100644 --- a/conservancy/settings/base.py +++ b/conservancy/settings/base.py @@ -93,6 +93,7 @@ INSTALLED_APPS = [ 'conservancy.fossy', 'conservancy.podjango', 'conservancy.usethesource.apps.UseTheSourceConfig', + 'captcha', ] DEFAULT_AUTO_FIELD = 'django.db.models.AutoField' diff --git a/conservancy/settings/prod.py b/conservancy/settings/prod.py index 70afef96..41b92cfb 100644 --- a/conservancy/settings/prod.py +++ b/conservancy/settings/prod.py @@ -40,3 +40,6 @@ SESSION_COOKIE_SECURE = True STRIPE_API_KEY = get_secret(secrets, 'STRIPE_API_KEY') STRIPE_ENDPOINT_SECRET = get_secret(secrets, 'STRIPE_ENDPOINT_SECRET') + +CAPTCHA_FLITE_PATH = '/usr/bin/flite' +CAPTCHA_SOX_PATH = '/usr/bin/sox' diff --git a/conservancy/urls.py b/conservancy/urls.py index 6a963915..de9a7ac2 100644 --- a/conservancy/urls.py +++ b/conservancy/urls.py @@ -61,6 +61,8 @@ urlpatterns = [ re_path(r'^privacy-policy/', views.content), re_path(r'^projects/', views.content), re_path(r'^sustainer/', views.content), + + path('captcha/', include('captcha.urls')), ] # Serve uploaded media. Works only when DEBUG == True. Using '/media/' 
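Review bot: The new `captcha = CaptchaField()` line in `CommunityTrackProposalForm` has no comment saying why it is there or what it relies on; I would add `# Non-model field: anti-spam challenge, enforced only when the view calls form.is_valid()` above it. The view is not part of this diff, so confirm it rejects the POST when the form is invalid rather than saving the instance by another route. Tests that post this form will now need `CAPTCHA_TEST_MODE` in a test-only settings module, and that setting must never reach `prod.py`. A CAPTCHA raises the cost of automated submissions but does not bound request volume, so the rate-limiting item added to TODO.md still applies to this endpoint.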
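Review bot: Adding `'captcha'` to `INSTALLED_APPS` brings in the app's own database table for issued challenges, so a `migrate` run is needed on deploy before the proposal form can render. The deploy/install.yml hunk in this commit does not show one, though it may exist outside the visible lines. The app's defaults for challenge length and timeout are left in place; if that is intended, a short comment beside the entry such as `# django-simple-captcha, default settings` would record the decision.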
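Review bot: Setting `CAPTCHA_FLITE_PATH` turns on the audio challenge, so the audio URL under `captcha/` will, as far as I can tell, run `flite` and then `sox` as subprocesses for each request from an unauthenticated client, and nothing in this commit limits how often that happens. Until the rate limiting noted in TODO.md exists, I would cap requests to `captcha/` at the reverse proxy. Both paths are hard-coded and must match what deploy/install.yml installs, so a comment such as `# Audio CAPTCHA: binaries installed by deploy/install.yml; sox adds noise to the generated audio` would help. The settings appear only in prod.py, so development presumably runs without audio and that path goes unexercised before deploy.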
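Review bot: The added `path('captcha/', include('captcha.urls'))` needs `path` and `include` imported from `django.urls`, but the import block is outside this hunk and the visible neighbours all use `re_path`; please confirm both names are in scope. The entry is appended at the end of `urlpatterns`, whose start is also outside the hunk, so check that no earlier unanchored `re_path` matches `captcha/` first. These routes are reachable without authentication, so they belong in whatever request throttling is put in front of the site.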
diff --git a/deploy/install.yml b/deploy/install.yml index 6a396933..670b06fd 100644 --- a/deploy/install.yml +++ b/deploy/install.yml @@ -130,6 +130,10 @@ apt: name: build-essential,python3-dev,libffi-dev + - name: Install flite and sox for CAPTCHA text-to-speech + apt: + name: flite, sox + - name: Security settings apt: name: fail2ban diff --git a/requirements.txt b/requirements.txt index 75a0568c..9631bfd5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,3 +6,4 @@ stripe beautifulsoup4==4.11.2 html5lib==1.1 Pillow==9.4.0 +django-simple-captcha==0.6.0 \ No newline at end of file
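Review bot: The package string `flite, sox` has a space after the comma, unlike the `build-essential,python3-dev,libffi-dev` task directly above it. A YAML list, `name: [flite, sox]`, avoids depending on how the module splits and trims the string. These two binaries exist only for the audio CAPTCHA and will be invoked by the web process, so they should receive the host's regular security updates like any other package reachable from request handling.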
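Review bot: The new `django-simple-captcha==0.6.0` line is the last line of the file and has no trailing newline, so the next requirement appended here can end up joined to it; end the file with a newline. The version is pinned, but the packages it pulls in are not listed, and `stripe` (visible in the hunk header) is unpinned, so installs are not reproducible. Consider a constraints file, or `--require-hashes` once every entry is pinned.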