Paul from pauldotcom.com suggested in Ep 108 Part 2 of his podcast that EDU folks should not publish their email addresses. (The mention isn't in the show notes, but I figured I'd give props anyway.)
While I understand Paul's reasoning - it makes it too easy for harvesters to glom up lists of folk to spearphish - I disagree. I have an email address because I *want* people to contact me. If only people inside my org can look up my email address, my address is partially useless. How else are non-UW people supposed to contact me, or even know that I exist? I don't want telephone calls from people - in fact, sometimes that wouldn't work anyway, since I'm generally 9am-5pmish (ok, as early as 7 and as late as midnight) and if it's somebody in Europe or SE Asia - and yes, I've gotten cold emails from people in those time zones that I actually wanted to read - then I just won't ever hear from them. And that would make me sad.
I suppose you could say *I* can publish my email, but our organization shouldn't allow somebody to harvest tons of addresses, but in practise most people put an email address on their web page, or they use it somewhere else, or whatever. Post to newsgroups or online, say. Pow. A bit of frobbing and scripting there, and we all know captchas don't work, and I can get the same list. Granted, not as easy, but... I could do the same thing lots of other scriptable ways too.
Security through obscurity doesn't work, and we mock those who attempt it. Non-public email addresses is just obscuring things, and it won't work. If the problem is naive people clicking on links sent to them, then we have a human problem, not a technological problem. You will rarely solve a human issue with technology.