The mailto URI scheme, as registered with the Internet Assigned Numbers Authority (IANA), defines the scheme for Simple Mail Transfer Protocol (SMTP) email addresses. It allows users clicking a link in a website to send an e-mail without first having to copy the destination e-mail address and open an e-mail client. Though its use is not strictly defined, URLs of this form are intended to be used to open the new message window of the user's email client when the URL is activated, with the address as defined by the URL in the "To:" field.    
Using "mailto" within a HTML document to generate a link for sending email:
<a href="mailto:firstname.lastname@example.org">Send email</a>
It is also possible to specify initial values for headers (e.g. subject, cc, etc.) and message body in the URL. Blanks, carriage returns, and linefeeds cannot be embedded but must be percent-encoded.
<a href="mailto:email@example.com?subject=Thisfirstname.lastname@example.org&body=This%20is%20the%20body">Send email</a>
Multiple addresses can also be specified:
<a href="mailto:email@example.com,firstname.lastname@example.org">Send email</a>
The address can also be omitted:
<a href="mailto:?to=&subject=mailto%20with%20examples&body=http://en.wikipedia.org/wiki/Mailto">Share this knowledge...</a>
Mailto clickable links do not always function correctly for the site visitor. The software mechanism activated by the link requires that a default email client or webmail-service be established on the computer or in the browser. Not all web browsers, such as Internet Explorer, have the capability to configure a webmail service for this purpose, but only support local email client software. Others, such as Opera, Firefox, and Chrome, do have support for both variants.
Additionally, if no email client or webmail service has been explicitly established to act as the default, one may still exist if an email client was pre-installed by the computer vendor but never used or configured by the user. In this case, upon clicking a mailto link, the user will be subjected to a volley of technical questions by the unconfigured email client.
Security and privacy
A number of security issues are mentioned in RFC2368, however the greatest concern is that of robotic address harvesting. Mailto constructs are locatable within HTML pages by automated means which typically include the use of DOM constructs or regular expressions. Addresses harvested by such means are liable to be added to spammers' mass-mailing lists, and to thus receive large amounts of unwanted mail.
A number of methods exist to 'harden' mailto links against harvesting. However, these methods are not guaranteed to remain effective if the technology of harvesting robots is improved. Form based alternatives however, experience similar challenges with preventing spam, which has led to the introduction of CAPTCHAs, 'humanity checks' and other anti-spam measures.
- Kyrnin, Jennifer. "The Mailto Command". About.com Web Design/HTML. Retrieved December 9, 2012.
- RFC 2368 (Jul 1998) : by Paul Hoffman discusses operation of the "mailto" URL in chapter 3 (superseded by RFC 6068).
- RFC 6068 (Oct 2010) : replaces RFC 2368 (changes are mentioned in chapter 9).
- Description of mailto syntax
- "RFC 2368 The mailto URL scheme". Retrieved 31 January 2014.