
Let's say for the sake of argument that his account was compromised.

Why lock him out? Wouldn't it make the most sense to let him get in and change his password?

If your answer is 'because the spammer/bot might change his password', realize it would be impossible to detect a spammer/bot before they start spamming, so once the bot has your password, it can log in and change your password before it starts spamming. But most bots don't seem to do that.

Or lock the account such that no new email can be sent, but email can be received. At least then you aren't locked out of your archive for the last X years of your life.



One problem with leaving read enabled is an attacker could reset passwords on any site where the email was used to register.



