Blogspam II: MT as a relay
Wednesday, November 26, 2003

Just when you thought it was safe to go back into the blogosphere, Jacques Distler tells us there's yet another spam vulnerability in MT: the web's most popular bloghosting platform can be used to send email anonymously to anyone.

And what's worse, there's no fix:

Spammers can still send as much email as they want, with arbitrary message body content, to whomever they want, and do so completely anonymously. The only thing they can’t get rid of is the subject line ... which serves only to sully your reputation ...

Ben has posted a slightly improved version, but it's only a partial fix. Unless you have good reason to use the email-this-page feature of MT, the consensus is that you should remove or disable the CGI until further notice.

Submitted by mrG on Wed, 2003-11-26 13:34.

