Let's say you have in your site a link as
<a class="stylish-class" href="firstname.lastname@example.org" title="c'mon mail me!" target="_blank">mail me</a>.
It is obfuscated while WordPress is building the page, using WordPress hook system. Everybody (real browsers, spam harvesters and spam crawlers) will receive an obfuscated string:
<span id="hkmuob-id-2709" class="hkmuob_noscript">mail me (no<span class="HkMuob_display"> NULL</span>.spam<span class="HkMuob_display"> null</span>@<span class="HkMuob_display">null </span>spam<span class="HkMuob_display"> NULL</span>.com)</span>, which is pretty much unreadable and looks like anything but a link.