[raving-richard]

    Anyway, even if a encrypted anonymous message arrives for me, just working out who it's from without any metadata seems complex web of double decryption

It's simple. You can encrypt everything, including the metadata. Then, when it arrives in your box, you simply decrypt everything, and see who it's from. It doesn't have to be anonymous.

[lifeisstillgood]

How do I know which key to use to decrypt it? If there is any identifier then that is an identifier for the sender - an irrevocable one that will slowly build up a metadata trail.

Anonymity is hard if not impossible - it's why I don't think evoting can work and why this seems laudable but hard

[raving-richard]

Your software can try each key until one of them works. If none of them work, it can say "this message can't be opened with one of the keys available". Or even "this message requires key 1234 5678 to open, but it's not currently available". It's not something you need to care about. You don't need to have any information about the sender unencrypted. It's not at all necessary to deliver the message.

[lifeisstillgood]

Hmm - I get an average of 1000 messages a day, mostly spam, and I have - good grief - 4000 seperate email addresses in my inbox - and it just took 0.001 s to decode a txt file

So that's 4000 seconds to prove a message is spam

I'm not loving this idea

That can't be right ...

[rakoo]

FYI, bitmessage (https://bitmessage.org/) is a working implementation of this "Everyone Gets Everything" model. Maybe have a look at how they do things ?