Hi peeweed, PGP was created for privacy, not necessarily anonymity. The common use case is for people who are not trying to hide their identity, so providing an email address isn't a problem for them. In fact, it's extremely useful because most PGP messages are transmitted over email. You would want the email in the PGP key to match the email address you're sending to. For us it's different. Most PGP messages are posted to forms on SR or in forum posts. You don't have to provide a valid email. Most people will probably ignore it, but it can be useful, for example when the SR server goes down. If your vendor provided a valid email address, you can contact them out of band, and vice versa. I think it's generally a good idea to register a TorMail address and use that in your PGP key. I've imported a lot of PGP keys and the majority of people use what I assume is a valid TorMail address.