Today I realized that spamers were using my web site for spam, and problem was com_mailto component.

This is one example of link.

For now I don't have solution, I just deleted that component from my web site.

It seems that problem was with this:

6. Use proper permissions on files and directories. They should be max permissions of 644 for files & 755 for folders with no exceptions.

Taken from here.

Just to be sure, deleted com_mailto component, since I am still blacklisted, as spamer :(