One thing I think is important -- double opt-in on the email addresses. We don't want anyone to use us as an annoying means of mailbombing someone.
I'm not sure double opt-in is critical in this context since we're not talking about putting the address on a list. Nor would this be a convenient way to mailbomb someone, because it would require dealing with a webform for each message. But maybe it's better.
Here's what I envision: when someone views a "User" page, an "email this user" link appears (perhaps only if that user has opted in, and perhaps only if the person doing the browsing is logged in so we don't allow anonymous mail). On clicking that link, the user is presented with a form much like the one I'm typing into now on Nupedia webmail, except that the e-mail address of the recipient is not shown. When submitted, the software mails it off to the e-mail address stored in the database.
The questions, then, are (1) when a new user signs up, giving an e- mail address, should we further require that he check a box saying "allow other wikipedians to mail me" or should we let him check a box saying "don't allow other wikipedians to mail me". The e- mail address is never published in any case, and the only mails received are one-to-ones, not lists, but I suppose opt-in is still the more responsible thing to do. (2) Perhaps the double opt-in confirmation message could be sent whenever this option is selected. (3) The mail messages themselves might have a section something like "This mail was sent from Wikipedia's e-mail function. If you don't want to receive mails like this, go to..." 0