Just as Google and other search engines have bots that crawl your web pages to make your content searchable, spammers have bots that crawl your site looking for email addresses to take advantage of. The best way to help prevent this from happening to your constituents' emails is to make sure your email directory is situated behind a password-protected portal. Another way to make it harder for email harvesters to find email addresses is to display email addresses as icons, rather than putting the full address directly on the page.
In the Composer Constituent Element, whether in the "Constituent Details" or "Pop-Up Details" section of the element settings, there is an option alongside the email display option to "Display email address as" Text or Icon.
In Page Manager, a similar option is available in the "Directory Display Settings" section of the Directory Properties on a Constituent Directory-format page.
Use the "Icon" or "Show as envelope" option to display a small envelope icon with a "mailto" link to each constituent's email address, which will open the user's default email application and automatically fill in the email address. This way, the email address is camouflaged on the main page, where "screen scrape" harvesters search for addresses.
Note: This does not permanently mask an email address. If someone clicks on the icon to bring up the email window, the address is available in the "To" field, where it can still be copied. Other types of email harvesters search the page source and can find "mailto" links as well as text addresses. This is, however, an extra step that acts as a deterrent by making it more difficult for bots to obtain the email addresses in bulk.
An alternative that might fool more sophisticated email harvesters would be to set up secondary email addresses to use for emails coming from web pages. For example, if the head of school’s email address needs to be displayed on a public page, use firstname.lastname@example.org and set it to forward to email@example.com. Because it is a separate inbox, you can set up rules so that it only forwards legitimate-looking messages. For other extreme techniques to prevent email harvesting, explore those proposed by Smashing Magazine.