Wrapping up:
- Diazo themes make the default spamprotect.py protection useless, since they translate the hex codes in plain text, thus producing a "plain" mailto link;
- No easy way to work around this;
Solved in my case removing email validation constraints from FacultyStaffDirectory and entering in the email field a link to a mailhide recaptcha protecting the email address.
Can be also better solved exploiting mailhide APIs, but it's a bit overkill for my own needs.