For anonymous users, the macro simply outputs the literal argument text as passed to the macro.
For logged-in users, the macro processes the parameter string as follows:
- The following ALL-UPERCASE words will be replaced:
AT
@
DOT
.
DASH
-
- Other ALL-UPPERCASE words like e.g. NO SPAM NOSPAM WHATEVER I DONT WANT SPAM etc. will simply be dropped (replaced by an empty string).
- All blanks get removed.
A clickable mailto: link is generated.
There is of course some danger of an especially bright spam bot recognizing usual spam protection words like AT, DOT and NOSPAM and converting them correctly. This is made more unlikely if you sprinkle in arbitrary words and blanks. A spam bot who can even recognize that has well earned your email address. 
You can easily see the effects of MailTo by comparing these examples for logged-in and anonymous users:
<<MailTo(Firstname DOT Lastname AT example DOT net)>> becomes <Firstname DOT Lastname AT example DOT net>
<<MailTo(Firstname . Lastname AT exa mp le DOT n e t)>> becomes <Firstname . Lastname AT exa mp le DOT n e t>
<<MailTo(Firstname I DONT WANT SPAM . Lastname@example DOT net)>> becomes <Firstname I DONT WANT SPAM . Lastname@example DOT net>
<<MailTo(First name I Lastname DONT AT WANT SPAM example DOT n e t)>> becomes <First name I Lastname DONT AT WANT SPAM example DOT n e t>
<<MailTo(Vorname DOT Nachname AT example DOT net, Me, Myself, and I)>> becomes <<MailTo: execution failed [Too many arguments] (see also the log)>>
Given the ability to add CAPS words, each user can raise the obstacles for both bots and humans as they desire. If you make it hard for human readers, you will get less mail.