Why can't the remailers themselves send encrypted mail to each other totally masking the incoming messages? Each remailer can have a public/private key associated with every other remailer on the network, with full pgp type signatures to prove they came from a remailer and not a spook or nym? Each remailer has a fingerable public key. When remailer x sends a message to remailer y, it encrypts it with y's public key after fingering y, and also signs the message. Y could also be a paranoid remailer, and if it doesn't know X, it could tell it to go stick its message up its SCSI port. :-) All these ideas along with trash junk mail being sent every few minutes could work. Even better, have each remailer send a specific number of messages to each of the other remailers on the network. These messages would be bogus messages, however, there would be a fixed number of them. If a real nym message arrives, it is sent to the next mailer up the chain, as part of the n (n-1 now) that are bogus. That way a spook couldn't tell where a message was going since he couldn't count the number of messages going out of the mailer. Also if a target remailer has n real messages to be sent to, any messages over that assigned packet size of messages get spooled for the next round of bogus mail. This way each remailer will send exactly n messages to every other remailer on the net every specified period of time. What kind of analysis can be done with this sort of scheme?