That IP > Yes
No content but probably links.. What you do not know : never click (hover mouse and look what/where it goes to)
But go into admin/security settings use banflood, 10 would be normal, but you may go lower (min 3 i would say)
User registration when allowed? Confirmations required etc...captcha use on all cases maybe except admin
text part HTML and script use > strict as possible> too strict could pose some trouble when you add something in posts etc.. That
is a testcase ....
Go trough the preference settings and look what you can do.
Make very sure that your folders and files have correct chmod settings (as low as possible no 777 anywhere best would be 600-644.
iN regards to the received mails : check what you implemented smtp or php; although i am not aware of a recent issue with it; there always mail address harvesters, so a publicly seen mailadres can be an issue; Go to the cPanel or alike, and use some (diffs for servers so general answer) mail filters and make sure only 1 or 2 main addresses can use mail example: admin at domain > no; info at domain (not needed?) no etc... you get the idea you could than use redirecting into spam folder direct on server level.etc...
Using contact page> use captcha, and restrict use of it when users are present, who can do what (admin/users mail and classes etc..)