diff --git a/components/com_content/helpers/icon.php b/components/com_content/helpers/icon.php index e3b730003f467..4e570c328e679 100644 --- a/components/com_content/helpers/icon.php +++ b/components/com_content/helpers/icon.php @@ -73,7 +73,8 @@ public static function email($article, $params, $attribs = array(), $legacy = fa $link = $base . JRoute::_(ContentHelperRoute::getArticleRoute($article->slug, $article->catid, $article->language), false); $url = 'index.php?option=com_mailto&tmpl=component&template=' . $template . '&link=' . MailtoHelper::addLink($link); - $status = 'width=400,height=350,menubar=yes,resizable=yes'; + $height = JFactory::getApplication()->get('captcha', '0') === '0' ? 450 : 550; + $status = 'width=400,height=' . $height . ',menubar=yes,resizable=yes'; $text = JLayoutHelper::render('joomla.content.icons.email', array('params' => $params, 'legacy' => $legacy)); diff --git a/components/com_mailto/controller.php b/components/com_mailto/controller.php index 3f2b861feab1d..9d82d9ce74556 100644 --- a/components/com_mailto/controller.php +++ b/components/com_mailto/controller.php @@ -12,9 +12,7 @@ /** * Mailer Component Controller. * - * @package Joomla.Site - * @subpackage com_mailto - * @since 1.5 + * @since 1.5 */ class MailtoController extends JControllerLegacy { @@ -23,12 +21,10 @@ class MailtoController extends JControllerLegacy * * @return void * - * @since 1.5 + * @since 1.5 */ public function mailto() { - $session = JFactory::getSession(); - $session->set('com_mailto.formtime', time()); $this->input->set('view', 'mailto'); $this->display(); } 
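Review bot: Removing `$session->set('com_mailto.formtime', time());` from `mailto()`, together with the `time() - $timeout < 20` check removed in the `send()` hunk (`@@ -46,24 +42,34 @@`), leaves only `checkToken()` and form validation in front of the mailer, as far as these hunks show. The icon.php hunk treats `get('captcha', '0') === '0'` as a normal configuration, so a site without a captcha plugin loses its only submission throttle. I would keep the session timestamp and the 20-second gate as a fallback when no captcha is configured, or note in the docblock why dropping it is acceptable.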
@@ -46,24 +42,34 @@ public function send() $this->checkToken(); $app = JFactory::getApplication(); - $session = JFactory::getSession(); - $timeout = $session->get('com_mailto.formtime', 0); + $model = $this->getModel('mailto'); + $data = $model->getData(); - if ($timeout == 0 || time() - $timeout < 20) + // Validate the posted data. + $form = $model->getForm(); + + if (!$form) { - JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT')); + JError::raiseError(500, $model->getError()); - return $this->mailto(); + return false; } - $SiteName = $app->get('sitename'); - $link = MailtoHelper::validateHash($this->input->get('link', '', 'post')); - - // Verify that this is a local link - if (!$link || !JUri::isInternal($link)) + if (!$model->validate($form, $data)) { - // Non-local url... - JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT')); + $errors = $model->getErrors(); + + foreach ($errors as $error) + { + $errorMessage = $error; + + if ($error instanceof Exception) + { + $errorMessage = $error->getMessage(); + } + + $app->enqueueMessage($errorMessage, 'error'); + } return $this->mailto(); } @@ -77,24 +83,16 @@ public function send() 'cc:' ); - // An array of the input fields to scan for injected headers - $fields = array( - 'mailto', - 'sender', - 'from', - 'subject', - ); - /* * Here is the meat and potatoes of the header injection test. We * iterate over the array of form input and check for header strings. * If we find one, send an unauthorized header and die. */ - foreach ($fields as $field) + foreach ($data as $key => $value) { foreach ($headers as $header) { - if (strpos($_POST[$field], $header) !== false) + if (strpos($value, $header) !== false) { JError::raiseError(403, ''); } 
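Review bot: The result of `$model->validate($form, $data)` is only tested for falsiness, so the rest of `send()` keeps using the raw `$data` from `getData()` instead of what the form validated and filtered. If `validate()` follows the usual form-model contract of returning the filtered data (the model's base class is not visible in this diff), assign it, e.g. `$validData = $model->validate($form, $data);`, test `$validData === false`, and use `$validData` below. `send()` starts before and ends after this hunk.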
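Review bot: `strpos($value, $header)` in the rewritten loop is case-sensitive, while mail header names are not, so a value whose header name is cased differently from the list entry (the list ends with `'cc:'`; the rest of `$headers` is above the hunk) is not matched. `stripos($value, $header) !== false` makes the scan match regardless of case. `$key` is never used, so `foreach ($data as $value)` is enough, and the context line `unset($headers, $fields);` in the next hunk still names the removed `$fields`.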
@@ -106,25 +104,36 @@ public function send() */ unset($headers, $fields); - $email = $this->input->post->getString('mailto', ''); - $sender = $this->input->post->getString('sender', ''); - $from = $this->input->post->getString('from', ''); - $subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $sender); - $subject = $this->input->post->getString('subject', '') !== '' ? $this->input->post->getString('subject') : $subject_default; + $siteName = $app->get('sitename'); + $link = MailtoHelper::validateHash($this->input->post->get('link', '', 'post')); + + // Verify that this is a local link + if (!$link || !JUri::isInternal($link)) + { + // Non-local url... + JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT')); + + return $this->mailto(); + } + + $subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $data['sender']); + $subject = $data['subject'] !== '' ? $data['subject'] : $subject_default; // Check for a valid to address $error = false; - if (!$email || !JMailHelper::isEmailAddress($email)) + if (!$data['emailto'] || !JMailHelper::isEmailAddress($data['emailto'])) { - $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $email); + $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailto']); + JError::raiseWarning(0, $error); } // Check for a valid from address - if (!$from || !JMailHelper::isEmailAddress($from)) + if (!$data['emailfrom'] || !JMailHelper::isEmailAddress($data['emailfrom'])) { - $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $from); + $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailfrom']); + JError::raiseWarning(0, $error); } 
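Review bot: `$this->input->post->get('link', '', 'post')` passes `'post'` as the filter argument, which is not a filter type I know the input class to support, so the value is presumably cleaned by the default filter rather than by a chosen one. The model and view in this commit read the same parameter with `'BASE64'`; naming an explicit filter here too, for example `$this->input->post->get('link', '', 'BASE64')`, makes the intent clear before the value reaches `MailtoHelper::validateHash()`. The hash alphabet is not visible in this diff, so confirm which filter fits. `send()` continues outside this hunk.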
@@ -135,19 +144,19 @@ public function send() // Build the message to send $msg = JText::_('COM_MAILTO_EMAIL_MSG'); - $body = sprintf($msg, $SiteName, $sender, $from, $link); + $body = sprintf($msg, $siteName, $data['sender'], $data['emailfrom'], $link); // Clean the email data $subject = JMailHelper::cleanSubject($subject); $body = JMailHelper::cleanBody($body); // To send we need to use punycode. - $from = JStringPunycode::emailToPunycode($from); - $from = JMailHelper::cleanAddress($from); - $email = JStringPunycode::emailToPunycode($email); + $data['emailfrom'] = JStringPunycode::emailToPunycode($data['emailfrom']); + $data['emailfrom'] = JMailHelper::cleanAddress($data['emailfrom']); + $data['emailto'] = JStringPunycode::emailToPunycode($data['emailto']); // Send the email - if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true) + if (JFactory::getMailer()->sendMail($data['emailfrom'], $data['sender'], $data['emailto'], $subject, $body) !== true) { JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT')); diff --git a/components/com_mailto/models/forms/mailto.xml b/components/com_mailto/models/forms/mailto.xml new file mode 100644 index 0000000000000..0469129f7f509 --- /dev/null +++ b/components/com_mailto/models/forms/mailto.xml @@ -0,0 +1,51 @@ + +
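Review bot: Only `$data['emailfrom']` is passed through `JMailHelper::cleanAddress()` before `sendMail()`; `$data['emailto']` is only punycode-converted and `$data['sender']` reaches the mailer as the display name unchanged. The earlier `isEmailAddress()` and header-string checks cover part of this, but cleaning all three keeps the mailer call safe independently of them: `$data['emailto'] = JMailHelper::cleanAddress($data['emailto']);` and `$data['sender'] = JMailHelper::cleanLine($data['sender']);`. `send()` starts before this hunk and continues past its end.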
+
+ + + + + + + + + +
+
diff --git a/components/com_mailto/models/mailto.php b/components/com_mailto/models/mailto.php new file mode 100644 index 0000000000000..428c157456367 --- /dev/null +++ b/components/com_mailto/models/mailto.php @@ -0,0 +1,104 @@ +loadForm('com_mailto.mailto', 'mailto', array('load_data' => $loadData)); + + if (empty($form)) + { + return false; + } + + return $form; + } + + /** + * Method to get the data that should be injected in the form. + * + * @return array The default data is an empty array. + * + * @since __DEPLOY_VERSION__ + */ + protected function loadFormData() + { + $user = JFactory::getUser(); + $app = JFactory::getApplication(); + $data = $app->getUserState('mailto.mailto.form.data', array()); + + $data['link'] = urldecode($app->input->get('link', '', 'BASE64')); + + if ($data['link'] == '') + { + JError::raiseError(403, JText::_('COM_MAILTO_LINK_IS_MISSING')); + + return false; + } + + // Load with previous data, if it exists + $data['sender'] = $app->input->post->getString('sender', ''); + $data['subject'] = $app->input->post->getString('subject', ''); + $data['emailfrom'] = JStringPunycode::emailToPunycode($app->input->post->getString('emailfrom', '')); + $data['emailto'] = JStringPunycode::emailToPunycode($app->input->post->getString('emailto', '')); + + if (!$user->guest) + { + $data['sender'] = $user->name; + $data['emailfrom'] = $user->email; + } + + $app->setUserState('mailto.mailto.form.data', $data); + + $this->preprocessData('com_mailto.mailto', $data); + + return $data; + } + + /** + * Get the request data + * + * @return array The requested data + * + * @since __DEPLOY_VERSION__ + */ + public function getData() + { + $input = JFactory::getApplication()->input; + + $data['emailto'] = $input->get('emailto', '', 'string'); + $data['sender'] = $input->get('sender', '', 'string'); + $data['emailfrom'] = $input->get('emailfrom', '', 'string'); + $data['subject'] = $input->get('subject', '', 'string'); + + return $data; + } +} 
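Review bot: `getData()` reads `emailto`, `sender`, `emailfrom` and `subject` with `$input->get(..., 'string')`, i.e. from the merged request, while `loadFormData()` in the same class reads them from `$app->input->post` and `send()` guards the action with `checkToken()`, which checks the POST body by default. Reading from POST here too, e.g. `$data['emailto'] = $input->post->getString('emailto', '');` and likewise for the other three, keeps the mailed values tied to the request the token was checked on. `getData()` also does not repeat the `!$user->guest` override of `sender` and `emailfrom`, so for logged-in users `send()` mails the posted values rather than the account's; if pinning is intended, apply it here as well. `$data` should be initialised with `$data = array();` before the first assignment.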
diff --git a/components/com_mailto/views/mailto/tmpl/default.php b/components/com_mailto/views/mailto/tmpl/default.php index dce72c893fc78..5a828e75112eb 100644 --- a/components/com_mailto/views/mailto/tmpl/default.php +++ b/components/com_mailto/views/mailto/tmpl/default.php @@ -12,23 +12,6 @@ JHtml::_('behavior.core'); JHtml::_('behavior.keepalive'); -$data = $this->get('data'); - -JFactory::getDocument()->addScriptDeclaration(" - Joomla.submitbutton = function(pressbutton) - { - var form = document.getElementById('mailtoForm'); - - // do field validation - if (form.mailto.value == '' || form.from.value == '') - { - alert('" . JText::_('COM_MAILTO_EMAIL_ERR_NOINFO', true) . "'); - return false; - } - form.submit(); - } -"); - ?>

@@ -41,44 +24,29 @@

-
-
- - -
-
- - -
-
- - -
-
- - -
-

- - -

+ +
+ form->getFieldset('') as $field) : ?> + hidden) : ?> + renderField(); ?> + + +
+
+ + +
+
+
- +
diff --git a/components/com_mailto/views/mailto/view.html.php b/components/com_mailto/views/mailto/view.html.php index 893a3faa956be..0514789e4e78b 100644 --- a/components/com_mailto/views/mailto/view.html.php +++ b/components/com_mailto/views/mailto/view.html.php @@ -27,62 +27,9 @@ class MailtoViewMailto extends JViewLegacy */ public function display($tpl = null) { - $data = $this->getData(); - - if ($data === false) - { - return false; - } - - $this->set('data', $data); + $this->form = $this->get('Form'); + $this->link = urldecode(JFactory::getApplication()->input->get('link', '', 'BASE64')); return parent::display($tpl); } - - /** - * Get the form data - * - * @return object - * - * @since 1.5 - */ - protected function &getData() - { - $user = JFactory::getUser(); - $app = JFactory::getApplication(); - $data = new stdClass; - - $input = $app->input; - $method = $input->getMethod(); - $data->link = urldecode($input->$method->get('link', '', 'BASE64')); - - if ($data->link == '') - { - JError::raiseError(403, JText::_('COM_MAILTO_LINK_IS_MISSING')); - - return false; - } - - // Load with previous data, if it exists - $mailto = $app->input->post->getString('mailto', ''); - $sender = $app->input->post->getString('sender', ''); - $from = $app->input->post->getString('from', ''); - $subject = $app->input->post->getString('subject', ''); - - if ($user->get('id') > 0) - { - $data->sender = $user->get('name'); - $data->from = $user->get('email'); - } - else - { - $data->sender = $sender; - $data->from = JStringPunycode::emailToPunycode($from); - } - - $data->subject = $subject; - $data->mailto = JStringPunycode::emailToPunycode($mailto); - - return $data; - } } diff --git a/language/en-GB/en-GB.com_mailto.ini b/language/en-GB/en-GB.com_mailto.ini index 8eb5596a54100..16c6fd1f15712 100644 --- a/language/en-GB/en-GB.com_mailto.ini +++ b/language/en-GB/en-GB.com_mailto.ini 
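Review bot: `display()` no longer checks what it loaded: `$this->get('Form')` can be `false` (the new model's `getForm()` returns `false` when `loadForm()` yields nothing), and the template then calls `getFieldset('')` on `$this->form`. A guard such as `if (!$this->form) { return false; }` before `parent::display($tpl)` keeps the fail-closed behaviour of the removed `$data === false` branch. `$this->form` and `$this->link` are assigned without a declaration in the visible lines; if the class header outside this hunk does not declare them, add docblocked `protected $form;` and `protected $link;`.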
@@ -5,6 +5,7 @@ COM_MAILTO="Mailto" COM_MAILTO_CANCEL="Cancel" +COM_MAILTO_CAPTCHA="Captcha" COM_MAILTO_CLOSE_WINDOW="Close Window" COM_MAILTO_EMAIL_ERR_NOINFO="Please provide a valid email address." COM_MAILTO_EMAIL_INVALID="The address '%s' does not appear to be a valid email address."