> Thanks for the suggestion, though - we'll see if we can come up with
> another way.

How about giving non-JS users an easy-to-hack alternative?

  <a href="mailto:foo@microsoft.SPAM.com.SPAM">Microsoft</a>
  <a href="mailto:foo.SPAM@netscape.com.SPAM.SPAM.SPAM">Netscape</a>
  <script src="spam.js" type="text/javascript"></script>


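  // Strip every '.SPAM' marker from the mailto: links in the page
  function spam_correct() {
    var i, lk, ix;
    // Walk all links in the document, last to first
    for (i= document.links.length; i-->0;) {
      lk= document.links[i].href;
      if (lk.substring(0, 7)=='mailto:') {
        // Cut out each 5-character '.SPAM' marker
        while ((ix= lk.indexOf('.SPAM')) !=-1)
          lk= lk.substring(0, ix)+lk.substring(ix+5);
        document.links[i].href= lk;
    } }
  }
  // The script element follows the links, so they already exist here
  spam_correct();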

If you do choose to use an embedded script, best remove the <!-- ... -->
hack. A true XML parser will ignore the entire script as it currently
stands. You can see this happen in Mozilla if you serve the page with an
XHTML Content-Type.
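
Added example, not part of the original message: a short Python check of what an XML parser hands to the application for a script element written with and without the <!-- ... --> wrapper. The sample markup is constructed, the function name is hypothetical, and the CDATA variant goes beyond what the message mentions.

```python
import xml.etree.ElementTree as ET

XHTML_NS = "{http://www.w3.org/1999/xhtml}"

# Constructed sample script elements (not taken from the page under discussion).
HIDDEN = '<script type="text/javascript"><!--\nspam_correct();\n// --></script>'
PLAIN = '<script type="text/javascript">\nspam_correct();\n</script>'
CDATA = '<script type="text/javascript">//<![CDATA[\nspam_correct();\n//]]></script>'


def script_text_seen_by_xml_parser(script_element_source):
    """Return the script text an XML parser exposes for the given element.

    The element is placed in a minimal XHTML document and parsed as XML,
    which is what happens when a page is served with an XHTML Content-Type.
    """
    doc = (
        '<html xmlns="http://www.w3.org/1999/xhtml"><head><title>t</title>'
        + script_element_source
        + "</head><body/></html>"
    )
    root = ET.fromstring(doc)
    script = root.find(f".//{XHTML_NS}script")
    # XML comments are not character data, so a script wrapped in
    # <!-- ... --> leaves the element with no text at all.
    return (script.text or "").strip()


if __name__ == "__main__":
    for label, source in (("hidden", HIDDEN), ("plain", PLAIN), ("cdata", CDATA)):
        print(label, repr(script_text_seen_by_xml_parser(source)))
```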