1. Have you checked the mail logs to see what is sent?
2. Have you checked the account logs to see if anything suspicious is happening?
3. Does your firewall's configuration warn you of the increase in outgoing mail or is it prevented from sending mail easily?
4. Do you know if the WordPress installations (core, themes, plugins) are up-to-date?
5. Are the installations configured as complementary domains or placed in their own account?
Without direct access, most members can only guess what the problem is, but it will look to ensure that nothing has been hacked or exploited, which is common with WordPress. You will need to make sure that no backdoor is hiding anywhere, and that your IP address is not BlackListed, which will affect other clients of the server.