Re: PGP is not security
A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.
It can be hidden right now, with current tech, but both the sending and receiving MTAs have to support TLS.
Sender sends his email via SMTP to his outbound SMTP server. He does so via TLS.
Sending SMTP server initiates connection to receiving SMTP server, via TLS.
Send email over secure channel.
Receiving person checks inbox via IMAP, using TLS.
The thing is, this will probably leak information in the sense that you will see a something sent to sending SMTP, then a something of similar size being sent to the destination, so you can still infer who is getting the email even if you can't read the metadata.
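An added example, not part of the original post: one way to check after delivery whether each hop described above actually used TLS is to read the `with` protocol keyword in the message's `Received` headers, where RFC 3848 registers `ESMTPS`/`ESMTPSA`/`LMTPS`/`LMTPSA` for TLS-protected transfers. The sample message and all hostnames are constructed placeholders, and the function names are hypothetical.

```python
import email
import re

# Transport keywords registered by RFC 3848 that indicate the hop ran over TLS
# (a trailing "A" additionally means the client authenticated).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Look for "with <protocol>" only after "by <host>", so text such as
# "(using TLSv1.3 with cipher ...)" in the "from" part is not mistaken for it.
HOP_RE = re.compile(r"\bby\s+(\S+)(?:.*?\bwith\s+([A-Za-z0-9]+))?", re.IGNORECASE)

# Constructed sample message; hostnames and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.20])
\tby imap.recipient.example with LMTPS id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop [198.51.100.5])
\tby out.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls)], oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to follow the delivery path.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        host = m.group(1) if m else "?"
        proto = m.group(2).upper() if m and m.group(2) else "UNKNOWN"
        hops.append((host, proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops whose Received header does not claim a TLS-protected transfer."""
    return [hop for hop in hop_report(raw_message) if not hop[2]]

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:28} {proto:8} {'TLS' if tls else 'NO TLS'}")
```

Each `Received` header is written by the server that accepted the message, so it is only as trustworthy as that server, and the final IMAP retrieval is not recorded in the headers at all.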