I was planning to build an idea similar to this but read through the forum first and had a look at sharkbait. From reading it and thinking I decided to make a completely different system and I've just posted an
example of simple random address generation. As I read through your code I had some thoughts.
Firstly, I couldn't see the use of a standard encryption function. I haven't attempted to analyse the encryption too much, but whilst it's not plain Xor encryption, it doesn't seem sufficient to reliably hide the key. If I'm right in my understanding this introduces the weakness that the encryption key could be recovered by asking for a few email addresses (this is a known plaintext attack since the IP address is known an the clock can be easily guessed).
If I'm right then the problem with this is that then someone could do joe-jobs by forging another person's IP address. Whilst this would be some effort, once the solution became widespread it would be a serious risk.
The second thought that I had was that even if you can't forge the data, it's easy to corrupt it. Just one character change in the email address stops the decoding program working. I think this is an inherent weakness that could only be solved by spamgourmet enforcing the use of valid email addresses.
The second problem leads to a trade off. With my system you must keep logs but will probably be able to guess who spammed even if they corrupt the email address. With sharkbait you will have data without having to check back in logs, but there's a risk of curruption. Possibly both methods working together would be best?