Hacker News
by upofadown 723 days ago
>...someone able to intercept the emails would be able to tell they were all signed by the same key and thus presumably related even if the email addresses were totally separate.

Sorry to spoil your otherwise good example with a quibble, but PGP protects the signature with the encryption. S/MIME protects the signature normally, but it has a rarely used thing that works like signing the envelope that would presumably be available to the attacker. So you were probably referring to an S/MIME envelope signature in your example... :)

1 comments

You're not wrong, but you'll also notice I didn't mention any specific email encryption protocols, deliberately so because the question was about general use-cases for signatures that don't reveal the public key used to create them, not whether any particular protocol is susceptible to such an attack. Certainly you can construct a protocol that preserves signer privacy, but the point is that you have to take extra steps to do so because it's not an inherent property of the signature algorithm. And I think the point of the article is that a naive implementation of signatures might not account for that fact.
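The linkability discussed in this thread, as an added example that is not part of either comment: with a Schnorr signature in (R, s) form whose challenge does not hash in the public key, anyone holding a message and its signature can compute the signing key and group messages by it. The scheme choice, the toy group parameters, the private keys and the addresses are all constructed assumptions for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def challenge(r: int, msg: bytes) -> int:
    """e = H(R || m) mod q. The public key is not part of the hash input."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def sign(x: int, msg: bytes):
    """Sign msg with private key x; returns (R, s) with s = k + e*x mod q."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P)
        e = challenge(r, msg)
        if e:  # skip the rare e == 0 case so e is invertible mod q
            return r, (k + e * x) % Q

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    return pow(G, s, P) == r * pow(y, challenge(r, msg), P) % P

def recover_pubkey(msg: bytes, sig):
    """Observer's computation: g^s = R * y^e, so y = (g^s * R^-1)^(1/e mod q)."""
    r, s = sig
    e = challenge(r, msg)
    if e == 0:
        return None  # key not recoverable from this particular signature
    return pow(pow(G, s, P) * pow(r, -1, P) % P, pow(e, -1, Q), P)

def link(observed):
    """Group (sender, msg, sig) tuples by the key recovered from each signature."""
    groups = {}
    for sender, msg, sig in observed:
        groups.setdefault(recover_pubkey(msg, sig), []).append(sender)
    return groups

if __name__ == "__main__":
    x = 123  # constructed private key, used from two unrelated addresses
    mails = [("work@example.org", b"quarterly report"),
             ("anon@example.net", b"unrelated note")]
    observed = [(sender, m, sign(x, m)) for sender, m in mails]
    print(link(observed))  # both senders end up under one recovered key
```

When the signature travels inside the encrypted payload, as the first comment describes for PGP, an interceptor has no `(msg, sig)` pair to feed into `link`.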