2 slamp Apr 04, 2009 20:36

I had an installation where a malicious user was hitting all the "message form" links from commenters and trash-talking the person who owned the installation. So I came up with a simple hack after turning off the message form feature in the profiles of all the registered bloggers.
In /skins/_item_comment.inc.php (or /skins/yourskin/_item_comment.inc.php) find this bit:
$Comment->author();
$Comment->msgform_link( $Blog->get('msgformurl') );
$Comment->author_url( '', ' · ', '' );
Now replace it with this bit:
$Comment->author();
if( is_logged_in() )
{ // only render the contact link for logged-in members
	$Comment->msgform_link( $Blog->get('msgformurl') );
}
$Comment->author_url( '', ' · ', '' );
Very simply, this means that ONLY registered members will be able to contact anyone who leaves a comment and leaves the "allow contacts" feature enabled. Now the malicious person who used the message form feature to trash-talk the blogger won't be able to because that person is not a registered member of the installation.


A really paranoid person would add the check to htsrv/message_send.php as well ;)
/**
 * Includes
 */
require_once dirname(__FILE__).'/../conf/_config.php';
require_once $inc_path.'_main.inc.php';

// Refuse the send request itself when nobody is logged in, so hiding the link in the skin is not the only barrier
if( !is_logged_in() )
{
	die( 'spammer' ); // if only it was that easy huh?
}
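To make the difference between the two fixes in this thread concrete, here is a small self-contained PHP sketch (added here, not b2evolution's own code) that models both: the skin only renders the contact link for logged-in visitors, and the send handler refuses anonymous submissions on its own and records the refused attempt, so a request that never saw the link still fails. The `$session` array stand-in for `is_logged_in()`, the `render_msgform_link()` and `handle_message_send()` functions, and the log format are assumptions for the example.

```php
<?php
// Added illustration, not b2evolution code: the skin-level and the handler-level
// check from the thread, modelled as two plain functions.

// Stand-in for b2evolution's is_logged_in(): here the "session" is just an array.
function is_logged_in( array $session ): bool
{
	return !empty( $session['user_ID'] );
}

// Skin side: only emit the "contact" link when the visitor is logged in.
// This only hides the link; it does not stop anyone posting to the handler.
function render_msgform_link( array $session, string $msgform_url, int $comment_ID ): string
{
	if( !is_logged_in( $session ) )
	{
		return '';
	}
	$url = $msgform_url.'?comment_ID='.$comment_ID;
	return '<a href="'.htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' ).'">Contact</a>';
}

// Handler side (htsrv/message_send.php in the thread): enforce the same rule on
// the actual POST and log refused attempts so abuse stays visible afterwards.
function handle_message_send( array $session, array $post, array &$log ): array
{
	if( !is_logged_in( $session ) )
	{
		$log[] = sprintf( 'refused anonymous message to comment %d from %s',
			(int) ( $post['comment_ID'] ?? 0 ), $post['remote_addr'] ?? '?' );
		return array( 'status' => 403, 'body' => 'spammer' );
	}
	// A real handler would validate the recipient and message here, then send the mail.
	return array( 'status' => 200, 'body' => 'sent' );
}

// Constructed sample requests: an anonymous visitor and a logged-in member.
$log    = array();
$anon   = array();
$member = array( 'user_ID' => 42 );
$post   = array( 'comment_ID' => 7, 'remote_addr' => '192.0.2.10', 'msg' => 'hi' );

echo render_msgform_link( $anon, '/htsrv/message_send.php', 7 ), "\n";   // anonymous visitor
echo render_msgform_link( $member, '/htsrv/message_send.php', 7 ), "\n"; // logged-in member

// The anonymous visitor never saw the link, but a direct POST is still checked:
print_r( handle_message_send( $anon, $post, $log ) );
print_r( handle_message_send( $member, $post, $log ) );
print_r( $log );
```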
Yeah that's good! In my case the malicious individual was stupid enough to use the internet to harass a biker lawyer, meaning harassment is likely to lead to either getting beaten up or sued, so I didn't give it much thought re directly calling the message form. Plus that installation uses turingtest so I had to deal with an actual stupid human ;)

If Darwin were alive he'd probably write a book about them ;)
thanks for the tip