[kanusterkund]

The problem isn't that the subject line sounds spammy, it's that the spam mails try to sound legitimate. This may in turn create problems for actually legit messages.

Maybe putting the scraped password in the subject line catches the recipients' attention.

[ocdtrekkie]

That would probably help. "Your password, xxxx, has been compromised." Even if they think it's spam, they should immediately realize they do need to change their password.

[julianj]

That's a good idea. Maybe a subject line like your password p*rd has been compromised.

[ocdtrekkie]

Password is already compromised, so this is a worthless step. And only seeing part of the password may cause them to think it's largely still secure or something. (Some people don't understand wildcards.)

[julianj]

Good point

[tripzilch]

Nonono really bad idea, because of shoulder-surfing!

[ocdtrekkie]

Since their password is already compromised publicly on the Internet, it's silly to worry about shoulder-surfing. In fact, if someone shoulder-surfs, and sees the password, the user is even more encouraged to CHANGE it.