I have noticed that the "Email" buttons at the bottom of each post in these forums use a mailto: link. If you mouseover the email button you can see the email address. If you view the html source of the page you can see the mailto links with the email addresses.

This exposes the members of this forum to extreme risk of their emails being harvested by spam bots. You can even see the mailto links of google cached versions of this forum, for example:
http://64.233.183.104/search?q.....k&cd=2&gl=uk

Could i ask the forum admin to please turn off the email feature on this forum and just leave it with PM option or make the email buttons go to email forms linked to a script that does the emailing? If not i think i will have to change my email address in my profile to a dummy one, which will result in the forum receiving all the bounced emails when someone tries to email me from the email button.

You can choose to hide your e-mail from the public via your member center.  I have to be honest though, I don't think that a bot could crawl and find your e-mail address that way...correct me if I am wrong of course.

-Craig.

Quoted from Craig

You can choose to hide your e-mail from the public via your member center.

That feature is not enabled on this particular board. I think the admin needs to enable it from the admin control panel. I cannot see the option to hide my email in my user control panel here.

Quoted Text

I have to be honest though, I don't think that a bot could crawl and find your e-mail address that way...correct me if I am wrong of course.
-Craig.

Well i don't know what anti-bot measures you have installed but even if you have installed some, google is happily caching the pages on this board and the bots can get the addresses from the cached pages on google. The spambots don't just see the text that you and i can see in the browser window, they also target a href="mailto:..." links.

It is best to implement some kind of solution where the email address is never sent over the web in a page, like have the email button open up an email form instead of making it a mailto link.

The email form is linked to a server side script, and just pass the script the user id's of the person who clicked the email button and the person who'se post he is clicking the button on, and then the server side script gets their email addresses from the member data files and sends the email, and never shows the email address to the client side. ie the email address does not appear in the email form.

Check out the formmail script at the top of this page (compat version):
http://nms-cgi.sourceforge.net/scripts.shtml
It is a security improved version of the more widespread but more vulnerable original version by Matt Wright. I have next to no knowledge of perl, but i think it could be integrated into E-Blah by someone who knows perl. It would be good if someone could do a mod for this or if it was integrated into the next release of the forum software.

Actually, it's a bug because I did have it set to where everyone's e-mail address would be hidden (except for admins).  I've now turned it off, so now only guests it is hidden from and members can set to hide theirs from other members.

I'll add the bug to my list.  This all said, with current spam filters I don't get why people are still in a fit about it.  I rarely ever get any spam anymore using GMail.

Thanks. I now can see the option under "Board Settings" in the member center.

Well i guess not everyone has Gmail or spam filters that are so good.

If you host your own mail, SpamAssassin is pretty good.  There are others you can use, but SpamAssassin is the only one I've used, and it worked very well (especially if you teach it what is spam and what is not spam).