I just realised I almost made a silly mistake :)
To cut down on the amount of spam you get, it's fairly common knowledge that putting your email address (even not machine readable) on your website is an open invitation for spammers to abuse your account. A common solution is to set up a web-based form which visitors fill out, and then gets forwarded to you (with a little bit of spam filtering along the way).
Recently I've been getting a lot of contacts that just say things like "hey man, i like your site!". This is clever way of trying to get your email address by 2 ways:
1. You reply to the email and say "thanks mate, i like my website too" (bad move, you just sent your email address direct to the spammer.)
2. You have a VACATION responder turned on which automatically sends the spammer your email address!
So, there are a couple of solutions:
1. dont set the From: header in the email from the website to be from the email address the user submits in the form (your autoreply will go straight to that address (the spammer's)).
2. Dont ever go on holiday, so you dont need an autoresponder! :)