It is easy enough to identify legit IP addresses for known VPNs - just like it's easy to identify known IP addresses for major email list providers such as mailChimp or Amazon SES.
Your suggestion may well be another excuse they offer, but it's not a technically valid reason.
At the simplest level, imposing a captcha delay on VPN-originated connections may just be punitive - a penalty for attempts to opt out of surveillance marketing systems.
But it isn't much of a reach to suspect more detailed analysis occurs, with ongoing attempts at individual user identification to pierce VPN pseudonymity.
Can you elaborate on why it’s not a technically valid reason?
I don’t think they are sophisticated enough to differentiate between multiple people using the same IP.
So when there’s a lot of traffic coming from one IP, they don’t know if it’s 100 people or 1 person generating 100 people’s worth of traffic, and that makes them uncomfortable.
Though I think websites that respect their users should embrace VPNs.
