I don't know how big of a problem this is, but with spammers getting more desperate and aggresive every day, I'd be surpised if this doesn't start happening a whole lot more.
A forum I run (vb 2.x) just got nailed by a spammer who joined and ran a POST script to iterate through userids until they emailed every user on the forums who had email enabled (well over 1,000

). This put the site at risk for termination if the emails ended up reported to Spews or Spamcop, so I added a hack to make sure it can't happen again including a minimum post count before you can use the mail functions and a floodcheck to allow only 1 email every X seconds.
I haven't put the hack in publishable form yet, but it's all available on request.