-----BEGIN PGP SIGNED MESSAGE-----
Suppose an encryption-savvy mail transport agent, say ESMTP, was developed. Further suppose that part of handshaking protocol for this transport protocol included an ENCRYPTED reverse lookup on IP identities to check that the message is actually coming from where it claims it's coming from. Suppose again that the results of this lookup were only checked for correctness (boolean), and then discarded WITHOUT LOGGING, or at least with minimal logging.
[. . .]
In this model, one could provide anonymous transportation of anonymous mail FOR EVERY MACHINE ON INTERNET providing that the original message wasn't forged.
It looks to me like you've "supposed" away the real obstacle to anonymous messages - the practice of logging traffic. Once you assume that people won't keep logs, the rest of the protocol is unnecessary - everyone's got anonymous messaging capability already. Forgery prevention is more useful when it's user-to-user, not host-to-host; we can do this already with PGP. The tricky part is finding a way to preserve anonymity where the majority of sites on the Internet continue to log traffic carefully, refuse to install new software (especially anon-positive software), and are administrated by people with simplistic and outdated ideas about identity and punishment. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLkZ7wH3YhjZY3fMNAQH3FQP9FWac8oASgwTJp4rI9fRLHsAXEVXKdNDE jwDzSYTy38ZJnaa1kBYpsqJzrPnFdYNY6t2vlIjNmZMHOevarfkwF+uKabJxah1L Wt1rlkN06P8XpgsYVGTre1L28/HB+NtrEImTm9OzQGx+LRdY0OqLW1U/vSPwOjqw /DeLaSNzBnE= =bdDT -----END PGP SIGNATURE-----