I think you already know this, but it bears repeating - it must be possible to turn the anonymous feature off.
One of furfly's sites used to have a "email this article to a friend" feature which allowed the user to enter their name and e-mail address, so all users could use it. Someone sent an article about priests abusing children and gave the from address as whodoyouknowwhohasdonethis@somewhere (I forget the domain they used). The recipient took this as harrassment (probably correctly!) and reported it to the police; it came back to us in the form of a subpoena for information about users of the system. The emailing of articles has been deactivated on this site, for obvious reasons, and if the client ever decides to do it again it will only be available to registered users.
The ironic thing about the whole experience was that they were specifically asking for information about people who had access to our mail server, because that's the system it came from. We told our lawyer repeatedly that they were asking the wrong questions, but being a lawyer he wasn't about to volunteer any information to the other side. So I don't think they ever tracked down the person who did this. Whether they should or should not have been able to is of course open to debate, but I was quite amazed by the gross lack of technical understanding among people who were investigating a technology crime.
