If your permissions allow "Not Logged in Guests" (ie. anyone on the internet) to access your member directory, it's possible that spammers may use the Contact button on user profiles to send un-wanted messages.
If this is an issue for you, there are a few options you can implement to help lock down your directory:
1. Add a re-captcha to your website - when enabled, by default it will show for new members when they sign up, and you can choose to enable it for logged-out members when they try and use the Contact button on directory profiles. This can help prevent automated spam bots from contacting your members. More information: How can I enable reCAPTCHA on my network?
2. Adjust viewing permissions for "Not Logged in Guests" in your Permissions Grid - if "Not Logged In Guests" are able to "View User Listing" and "View Company Listing", they can access the Contact button on profiles to send these messages. You may choose to revoke this permission for Not Logged in Guests, preventing them from accessing the messaging tool. More information: More information: How do I set permissions for my Directory?
3. Disable the messaging system - if you find that the directory messaging system is still causing issues, you do have the option to turn it off across your website so that it can't be used by anyone: How can members contact each other in the directory?