Did you check your 'sent' folder, by any chance? If there are copies of the emails there, then most likely they simply accessed your account directly with your password - which is much more concerning (albeit easy to fix by changing all your passwords)
Whoa, thanks, I should thought of that! They sent one on the day of the access (10 June).
There are 17 other potential ones, but I had moved them to my spam folder, so I can't tell where they came from originally. Looking closer, the first email in each chain seems to come from my account, but they are spread over several days, not just the day of the access.
Unfortunately, they could have potentially accessed any other services whose "forgotten password" emails go to this one, and then deleted the replies. But it looks like an automated spam attack.
When I realized today, I now logged out all other users (there didn't seem to be any) and changed my password. Maybe I should check all my linked accounts.
EDIT The header of their email has:
Received: from PC-201004061503 ([116.30.36.239])
Where that IP is the hacker's IP. Comparing with mail I've sent, the Received line includes my IP and "with HTTP". So it looks like they weren't using the web interface, but some direct one (IMAP? POP3?). If they're a spammer, it would be automated. BTW their emails all had the same content, most of them with the subject " 请在这里编辑主题...", which I'm guessing is "buy viagra" in Chinese.
The alert mechanism looks for successful logins, not spam seen in the wild with his account as the sender, so yes, someone has definitely accessed his account...
