most odd, not something i've seen. We do have a core function (CloakText) which can also be called by the core FormatEmail function which does mailto obfuscation, but it doesnt split up the mailto in that way (it actually encodes each character in turn so has no domain name logic). Is this in a particular module you're seeing it or in all html modules? Also can you check what editor provider you're using (the defaultProvider value of the htmlEditor node in web.config) as I'm not aware of all providers, perhaps it's a function provided by one of them.

---

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US

I must confess I had jumped to the assumption that because I was seeing this in our new 5.x and 6.x instances it must have been something in these new versions.  As this is clearly not the case from the responses so far (and such a quick response is really great) I went back and had a closer look.

It turns our the culprit is PageBlaster.  We always install PageBlaster for the caching and did the same for these new versions.  What we did not spot is a rule in the config called "Mailto cloaker" that is replacing the mailto links with the javascript that I reported.

Commenting out the rule has solved the problem.  As a matter of interest the rule is

<rule>
                    <ruleName>MailTo Cloaker</ruleName>
                    <searchFor>href=['"]?mailto:(\w+[a-zA-Z0-9.\-_]*)@(\w+)\.(\w+)['"]?</searchFor>
                    <replaceWith>href=" window.location.replace('ma'+'ilto:'+'$1'+'@'+'$2'+'.$3')"</replaceWith>
</rule>

We will probably try to rewrite the regex to accommodate uk email addresses, but for now we have it fixed.

Thanks again for the quick response that pointed us in the right direction.