Metadata being available to the server isn't ideal, but a hub and spoke architecture where the hub has no knowledge of which spokes are talking is, if not impossible, then at least very hard, surely?
I feel like the first step is consistent encryption, then figuring out hiding metadata. Proxies that strip meta + delay emails to fuzz that might be a solution.
Agreed. In fact, if consistent E2E encryption could be assumed, then the proxies could be implemented as simply a dedicated address on each server.
For example, suppose alice@example wants to send an encrypted message to bob@server. Alice's client could wrap the message to Bob as an encrypted payload to a message addressed to switchboard@server, so that her provider doesn't learn Bob's address, and her provider could replace her metadata with switchboard@example before sending it to Bob's, so that it doesn't learn Alice's address.
On the other hand, TLS by default would be nice.
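
The switchboard relay sketched in the thread above, as an added example that is not code from any poster: it traces which addresses each provider gets to see. The `seal`/`unseal` helpers are a labelled stand-in for real public-key encryption (such as OpenPGP), and the keys, function names and the choice to carry the sender inside Bob's payload are assumptions.

```python
import hashlib, json, secrets

def _stream(key, nonce, n):
    # Hash-counter keystream; only here so the demo runs with the stdlib.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    # STAND-IN for encrypting to the recipient's public key. Not real crypto.
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct = raw[:16], raw[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

SWITCHBOARD_SERVER_KEY = secrets.token_bytes(32)  # constructed: switchboard@server
BOB_KEY = secrets.token_bytes(32)                 # constructed: bob@server

def alice_client(body):
    # Inner message is E2E-encrypted to Bob; the sender travels inside it.
    inner = {"to": "bob@server",
             "payload": seal(BOB_KEY, {"from": "alice@example", "body": body})}
    # Outer envelope names only the switchboard, so "example" never sees Bob.
    return {"from": "alice@example", "to": "switchboard@server",
            "payload": seal(SWITCHBOARD_SERVER_KEY, inner)}

def provider_example(msg):
    seen = {"from": msg["from"], "to": msg["to"]}
    # Replace Alice's address with the provider's own switchboard address.
    return {**msg, "from": "switchboard@example"}, seen

def provider_server(msg):
    inner = unseal(SWITCHBOARD_SERVER_KEY, msg["payload"])
    seen = {"from": msg["from"], "to": inner["to"]}
    return inner, seen

def run(body):
    relayed, seen_example = provider_example(alice_client(body))
    delivered, seen_server = provider_server(relayed)
    return seen_example, seen_server, unseal(BOB_KEY, delivered["payload"])
```

Each provider still learns which remote domain is involved, and message timing and size remain correlatable unless delays or padding are added, as the earlier comment suggests.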