Your receiving email address should be completely hidden in the source code, so no worries there.
To block an IP address would be something you would need to do at a server level. I have no idea how you would block specific email addresses from using the form, but again likely something at a server level.
To include the IP number in the email there was a reply given when you last asked this question a couple years ago, though I vaguely recall Norm saying it was something he would include as a standard option.