As I recently mentioned in the FuzzyOcr thread, I found quite a lot of mails that contain broken or corrupted GIFs.
Until we have a better answer, I'd reject anything with an unrecognizable format. It might be an attempt to exploit an overflow bug in an older copy of IE.
Similarly, I'm a fan of validating HTML and rejecting broken stuff, but that would reject a lot of stuff created by MS software. OTOH....