I think we are pretty secure here. I understand our email is run through something called a 'hashing routine', and is only saved as a more or less incomprehensible string of characters. If you are contacted in any way by the administration, it will be done without their knowing your email addy. This came up years ago, and that was the answer we received.
On the contact you had, copy the message and sender and send it to 'contact us'. I'm sure this isn't going to be tolerated.