I have received a total of 2 complaints about this, but the last one was a bit harsh.
I am assuming that you may be referring to me? If my complaint to you was harsh, it was because of your initial flippant response to what I believe is a legitimate security and privacy concern. Only then did I become harsh. In any case, I never said that you did not need to know who sent a message and I understand and accept those reasons.
You might have thought the oppression of communist peoples was caused by this bit of public information.
That's still the problem with you, right? You think that the login id is "public" information?? It is not, especially if one is using a forwarding email address. Again, I don't have a problem with you knowing who sent email through your SMTP server; I am a not a spammer or abuser of email.
In any case, I've revisited the issue, and with a fresh look was able to implement masking of your 'real address/login name' without any trouble.
Thanks for that. It does seem, though, that the final key is the same for all email messages sent. May I suggest that if you want to do the full measure, you use a randomized key for each user that you save in their database account and then create an SHA1 (better would be RIPEMD160! Even better would be SHA256; NOT MD5!) hash using that random ID with the message ID (which must be unique for all messages, according to the SMTP RFCs) and maybe the username to create a unique key value that you would be able to then decipher with very little effort if the need would arise. This way, you keep your ability to identify the user if you must, but the user keeps their privacy and all are happy.
In reality, it will only protect your 'true' email address from public lists where you may be using an alias, or your email address is obfuscated by that system.
That is all I was ever asking for.