How about this attack: suppose I want to find out who hides behind an alias MightyPig@alpha.c2.org and I have the ability to monitor all internet traffic. Then I simply start mailbombing that address and see whose account gets unusually high traffic volume. A nice, albeit quite expensive, way of pretection from traffic analysis is to create a mailing list (or a newsgroup) and forward all messages to all users of that mailing list or newsgroup. Of course, since messages are encrypted, only the recipients will be able to decrypt them. This way the list of suspects is all subscribers of that list or newsgroup and there is no way to discriminate them. Instead of having messages to be sent to all recipients all the time, alpha.c2.org may be programmed so that it sends out every message not to only one recipient X, but to X and 20 other randomly selected people. It apparently makes traffic analysis much harder. Then users of alpha.c2.org will have to install mail filters that automatically delete all incoming mail not intended to be read by them (they can't read such messages anyway). - Igor.