Like most messaging services, Signal has relied on the "from" address in message headers to prevent the spoofing of user identities and to limit spam and other types of abuse on the platform. Sealed sender, which puts most user information inside the encrypted message, uses two new devices to get around this potential privacy risk:

Senders periodically retrieve short-lived sender certificates that store the sender's phone number, public key, and expiration timestamp. The certificates are included inside the encrypted envelope, along with the message contents. Once the sender certificate is decrypted, message recipients can use it to mathematically verify the validity of the sender. But because this certificate is encrypted on the sender's device and isn't decrypted until after it arrives on the receiver's device, Signal servers have no way of knowing who has sent the message.

Delivery tokens derived from the sender's profile key are used to prevent abuse. Before a user can transmit a message that strips the "from" address out of the header, the user must prove she has access to the delivery token. Because Signal profiles are end-to-end encrypted, valid tokens can only be created by a person or group that's already in the receiver's contacts. In the event a sender starts sending spam or other types of abuse, the receiver can simply block that person.

Users who want to receive sealed-sender messages from non-contacts can choose an optional setting that doesn't require the sender to present a delivery token. This setting opens a user up to the possibility of increased abuse, but for journalists or others who rely on Signal to communicate with strangers, the risk may be acceptable.
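The recipient-side check on a sender certificate described above, as an added Go example that is not Signal's code or part of the original article. It assumes the issuing service signs the certificate with a key the recipient already trusts; Ed25519, the byte encoding, and the names `SenderCert`, `Verify` and `Demo` are stand-ins chosen for illustration, and the phone numbers are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

var ErrSignature, ErrExpired = errors.New("bad signature"), errors.New("certificate expired")

// SenderCert carries the three fields the article lists, plus the issuer's signature.
type SenderCert struct {
	Phone     string
	PublicKey ed25519.PublicKey // sender's public key
	Expires   int64             // Unix seconds
	Sig       []byte
}

// signedBytes is an illustrative encoding (assumption), not Signal's wire format.
// The length prefix on the phone number keeps field boundaries unambiguous.
func signedBytes(c SenderCert) []byte {
	return []byte(fmt.Sprintf("%d:%s|%x|%d", len(c.Phone), c.Phone, []byte(c.PublicKey), c.Expires))
}

// Verify runs on the recipient's device, after the envelope has been decrypted.
func Verify(issuer ed25519.PublicKey, c SenderCert, now time.Time) error {
	if !ed25519.Verify(issuer, signedBytes(c), c.Sig) {
		return ErrSignature // any field changed after issuance, or wrong issuer
	}
	if now.Unix() >= c.Expires {
		return ErrExpired // short-lived by design: a stale certificate is rejected
	}
	return nil
}

// Demo issues one certificate from constructed values and checks three cases.
func Demo() (valid, forged, stale error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	senderPub, _, _ := ed25519.GenerateKey(nil)
	now := time.Unix(1700000000, 0)
	c := SenderCert{Phone: "+15550100", PublicKey: senderPub, Expires: now.Add(24 * time.Hour).Unix()}
	c.Sig = ed25519.Sign(issuerPriv, signedBytes(c))
	spoofed := c
	spoofed.Phone = "+15550199" // claimed identity altered after signing
	return Verify(issuerPub, c, now), Verify(issuerPub, spoofed, now), Verify(issuerPub, c, now.Add(48*time.Hour))
}

func main() { fmt.Println(Demo()) }
```

The signature is checked before the expiry so that an unsigned or altered timestamp is never trusted.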

[...] Even under sealed sender, observers said, Signal will continue to map senders' IP addresses. That information, combined with recipient IDs and message times, means Signal continues to leave a wake of potentially sensitive metadata. Still, by removing the "from" information from the outside of Signal messages, the service is incrementally raising the bar.