The idea underlying it all seems nice:
I uses a distributed system much like Bittorrent, adding some "Proof of Work" computation to all messages, so sending a message is computationally non-trivial. This has two goals, one makes overcrowding the network very costly in computer power, and makes spamming expensive so much in fact that might eliminate it.
The routing is done in a way that is p2p so everybody forwards messages and everybody receives everything. This has a downside: the traffic is massive, even if you don't send anything... this may or may not be an acceptable compromise for the anonymity.
A Bitmessage address looks like this: BM-orkCbppXWSqPpAxnz6jnfTZ2djb5pJKDb
( it is a hash of the public key that you use to encrypt the message, and broadcast it). When you receive messages , you try to decrypt every message that you get and then forward them. If you successfully decrypt a message, it means it is for you. After certain time the messages are deleted and no longer forwarded.
Problems: The problem with this schema is mainly scalability as the messages go around in increasing numbers, a complete crypto-analysis of the protocol is yet to be done ... the current version is very alpha ( 0.3.5 ) so there is plenty of room for improvement.
There is a discussion of the potential flaws here , still looks very interesting...
I tried installing on the Mac, it took some time, I had to uninstall Homebrew and reinstall it again. get the source and compile it along with a brand new local installation of Python and PyQt after that I made it Work.
Like I said very alpha...
There is already a lot of people experimenting, gateways to email and even a twitter like service build on top of BitMessage called BitChirp.
My address is BM-2D7SgNUm35LpmF7fgemBExU8f6UFoHeBNj
This is a response to the flood of news about the fact that governments ( especially the US), routinely scan people's communications
RSA has warnet that their security products are no longer secure, and there is an ongoing search for new ways of online secure communications. While distributes might be the best bet, in the end if the endpoints are not secure ( Access points, routers, Internet providers), the protocol is useless as a security guard.