The weakness

Using a link constructed as shown below, it is possible to send spam to a random email address. With insufficient anti-automation (in other words, without something to prevent this), one can automate requests to this URL to send large quantities of spam.

http://JOOMLA/component/mailto/?tmpl=component&link=1

Joomla! developers were already informed about this issue in September 2010.

Solution

There is a very simple (but effective) solution to this issue for your website: unpublish the MailTo component (assuming you are not using it anyway). Follow the steps shown:

  log in to the Joomla! administrator
  go to Extensions >> Install/Uninstall
  go to the Components tab
  scroll down to the MailTo component
  click on the green tick so it changes to a red circle with a white cross
  done

With this simple solution the MailTo component is now unpublished and therefore no longer reachable. Note: with this solution it is no longer possible to use the Mail-a-friend functionality in an article. But in our opinion that is less important than being accused of sending spam.
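To check whether the MailTo URL described above is being requested in an automated way on your own site, the following added example (not part of the original article and not Joomla! code) scans web server access-log lines for bursts of requests to the component from a single client. It assumes the Apache/Nginx "combined" log format; the function name `mailto_bursts`, the threshold and the one-minute window are illustrative choices, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the SEF path shown in the article and the non-SEF form (option=com_mailto).
MAILTO_RE = re.compile(r"/component/mailto/|[?&]option=com_mailto\b")
# Assumed "combined" log line: client IP, [timestamp], "METHOD path protocol".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def mailto_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: most MailTo hits in any window} for clients at or above threshold."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not MAILTO_RE.search(m.group(4)):
            continue  # unparsable line or unrelated request
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(1)].append(ts)
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        best, start = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.7 - - [12/Oct/2010:10:00:{s:02d} +0000] '
    '"POST /component/mailto/?tmpl=component&link=1 HTTP/1.1" 200 512 "-" "-"'
    for s in range(0, 40, 5)
] + [
    '198.51.100.20 - - [12/Oct/2010:10:00:03 +0000] "GET /component/mailto/?tmpl=component&link=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Oct/2010:10:00:41 +0000] "POST /index.php?option=com_mailto HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [12/Oct/2010:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in mailto_bursts(SAMPLE).items():
        print(f"{ip}: {count} MailTo requests within one minute")
```

Once the component is unpublished, any remaining hits flagged here show who is still probing the URL; if you keep Mail-a-friend enabled, the same output is a starting point for rate limiting.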