mailto is a Uniform Resource Identifier (URI) scheme for email addresses.
[5] A number of security issues are mentioned in RFC 6068, one of them being robotic address harvesting.
Addresses harvested by such means are liable to be added to spammers' mass-mailing lists and thus to receive large amounts of unwanted mail.
While methods exist to "harden" mailto links against harvesting—address munging and JavaScript-based address obfuscation among them—these protections can be circumvented by sufficiently sophisticated harvesting robots.
Other techniques, like walling the address behind a CAPTCHA or similar "humanity check", provide security on par with that available for other contact methods, most notably web forms, which experience similar challenges with preventing spam.