Hal writes, on the subject of filler messages
It is true that user messages can be distinguished from dummy ones when they are on their first or last stage in the chain; on the first stage, they are the only messages coming from non-remailer addresses, and on the last stage they are the only messages going to non-remailer addresses. One way to fix this would be, instead of having the final destination of the message be a "bit bucket" address, to instead choose a random Internet address (say, from one of the "whois"-type databases), and to send a message whose body starts with "Test message, please ignore". With the tens or hundreds of thousands of addresses available (and with the geometric growth of the Internet), it should not be necessary ever to repeat an address. So perhaps this slight annoyance to Internet users would be tolerable. Only a small fraction of users would ever receive such a message.
This is a way to increase the public's annoyance with remailers, when what we need to do is increase their acceptance of them. It also doesn't work - a cleartext message saying "Please ignore" is visible to any eavesdropper, an encrypted message to a real person is annoying and non-readable, and an encrypted message to a bogus person will usually generate bounce-mail (which is obvious to eavesdroppers), or will at least drop on an operator's floor, annoying the operator. If we can get a reasonable number of remailers operating, it makes much more sense to have standard bit-bucket addresses, and if we want to get more traffic to sites that aren't obviously remailers, we need to get their permission. This can either be done by asking people (which the Bad Guys can watch), or perhaps by providing some semi-useful service, like a netnews test sink or mail-a-joke or something; even those tend to be obvious - unless they can also be remailers or at least require crypto or other illegible data input. Bill Stewart