Simple and useful. Excellent work! If you feel the need to mitigate potential abuse, you could first send a verification email for any new recipient-email (or sender-ip / email combo) -- requiring active opt-in from the recipient. Personally I wouldn't bother unless it becomes an issue :)
Given that the 'activation' email is not _that_ much different that a notification itself... I guess the service could be activation-less (with maybe a low rate limit) without clicking an activation link on emails.
Once the user has activated, then they can include content and customisable subject (which at the moment anyone can do).
That sounds really good and hopefully wouldn't take away from the original simplicity.