As I argued recently elsewhere, the security of remailers is poor for
the following rather straightforward reason: If one sends an email through
a chain of remailer nodes, the email of course has to go initially to
the first
node of that chain. On arrival at the router of that node, the entire
email (the whole data packge, i.e. more than what one sees in the normal
email
window) contains the IP-address of the sender in the clear. So, if
the agencies tap at that location, or more conviently at the provider
side of the said node, then the sender of the email will be known to them
and this alone is a serious breach of security. (Whether the agencies could
eventually somehow also gain more information than that is not essential
for
the current context.)

One could on the other hand send materials from callshops or internetcafes,
thus not using one's own IP-address, and send encrypted stuffs (preferrably
with authentication) to such
Usenet groups as alt.anonymous.messages and let the recipient collect them
according e.g. to certain agreed upon characteristics in the subject
lines at
similar neutral locations. This way, both partners remain genuinely not
trackable.

M. K. Shen