I enabled post by email when I first created blog. There was a secret email address which was generated by wordpress . I never used that email really except once for testing in fact I posted a test blog “Testing from Email” around Feb 27th 2010. That email address was exposed some how some where. If you send to that email it will directly post in the blog. At last after 50 minutes I can relax saying my account was not compromised .
The lesson learned dont enable email posting into your own blog. If you do just make sure it is not exposed any where.
Just now I removed Email Posting Feature from my blog lets see if those guys come back …?
This last 50 minutes reminded my olden days when I was working as Production DBA going through production issues…