I have not personally confirmed any of this, as I never, EVER post via email. That is not because I am so virtuously security-aware as much as it is about my need for control, I confess.
Anyway, it seems like a good idea to read the following and consider the suggested advice if you do post by email.
Is somebody hacking into your account and posting spam??
Changing your email address and your password (or even your url) still isn’t working?? [In other words, none of the listed actions have served as an effective remediation for your hacked status ;o) ]
Spammers don’t even have to log into your account. This is the solution (given to me by the lovely chan):
Go to your blog settings.
Scroll down until you see this:
What spammers are doing is emailing that email in order to post!! Reset your email twice or even three times just to be safe, if you continue to have a spam issue (and don’t forget to hit save at the bottom).
So far it’s worked on my own blog and on a few others with a similar issue. If they end up getting into our accounts again we’ll look into another solution!!
I thought about this today in the shower and whaddaya know, someone’s doing it already.