The spam post is question.
I set the same rules for answers/comments.
The only thing I let everybody can do is to view questions.
When I click the "anonymous" link, it contains IP address. It's not someone who named "anonymous", or anonymous-lookalike.
That really freaks me out!
More info: This is a new installation, but I already set permissions at least a week ago.
I didn't use caching.