Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.

Dear {{ to_name }},

Your friend, {{ sender_name }}, wanted to send you a link to an 
interesting story found on {{ site_name }}.

{{ story_title|safe }}
http://{{ site_url }}{{ story_link }}

Thanks!
http://{{ site_url}}