Ok, false alarm. I just got a bunch of delayed payout notifications, and they match amounts that I had sent to my address on the blockchain. Someone must have restarted a dead smtp server and a bunch of old mail got sent out. It's looking like some sites using CloudFlare are rewriting all IP addresses for incoming traffic also. So you'll never see your own IP address if you have login notifications enabled.
Sorry if this freaked anyone out. Here is the IP address that just logged in as me to an EMC2 pool:
http://dazzlepod.com/ip/173.245.55.67/ Clearly owned by cloudflare. Cloudflare is a service used by lots of altcoin mining and exchanges to protect against DDoS.
Here is a screenshot of the notification they logged in as me.
http://imgur.com/4R1w7pvCloudFlare owns that IP address. So either CloudFlare has been hacked, or CloudFlare is logging into services they protect to steal coins.
There's no other explanation.