by EmilStenstrom 3523 days ago
I don't have any stats, but I imagine lots of users still connect over unencrypted ports directly to their ISP. We have to remember that most users are not like the HackerNews demographics. If you have stats that point to this conclusion being wrong I'm happy to change my mind.
3 comments

It looks like 80-85% of emails to/from Google are encrypted in transit, according to this page: https://www.google.com/transparencyreport/saferemail/

Encryption at rest is still a difficult UX/UI issue, but encryption during transit seems like something that most mail providers can get behind.

Note that this is MX-MX routing of emails between email providers, which sort of has to allow plaintext in practice.

The question of user-level IMAP/POP/SMTP access is different, but I'd expect somewhere in the region of 95+%. Note that the IMAP specification prohibits authentication that sends passwords in the plaintext [1] (although I don't know if the various IMAP servers permit AUTHENTICATE PLAIN before STARTTLS--checking, Outlook doesn't, and the other servers I had access to aren't open on 143 anyways), which means IMAP in practice requires SSL.

[1] The alternative is to use schemes like CRAM-MD5 or SCRAM-SHA-1 which don't send the password in plaintext, although these have become quite rare in practice.
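
An added example, not part of the original thread: the pre-STARTTLS check described in the comment above, done by parsing what an IMAP server advertises on port 143 before TLS. The capability names (`STARTTLS`, `LOGINDISABLED`, `AUTH=...`) are the standard IMAP ones; the function names and the sample server lines are constructed for illustration.

```python
import re

# SASL mechanisms that carry the password itself (base64 is encoding, not encryption).
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capabilities(line):
    """Return the capability atoms from an IMAP greeting or CAPABILITY response."""
    # Handles "* OK [CAPABILITY ...] text" and "* CAPABILITY ...".
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or re.match(
        r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I
    )
    if not m:
        raise ValueError("no capability list in server line")
    return {atom.upper() for atom in m.group(1).split()}


def audit_pre_tls(line):
    """Classify what a server offers on an unencrypted connection."""
    caps = parse_capabilities(line)
    sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
    cleartext = sorted(sasl & CLEARTEXT_SASL)
    # The LOGIN command is refused only when LOGINDISABLED is advertised.
    login_open = "LOGINDISABLED" not in caps
    return {
        "starttls": "STARTTLS" in caps,
        "login_command_open": login_open,
        "cleartext_sasl": cleartext,
        "other_sasl": sorted(sasl - CLEARTEXT_SASL),
        "password_exposed": login_open or bool(cleartext),
    }


# Constructed sample lines, as a server might send before STARTTLS.
SAMPLES = {
    "hardened": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
    "legacy": "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=CRAM-MD5",
    "scram": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-1] ready",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, audit_pre_tls(line))
```
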

Fortunately most ISPs and mail providers have disabled unencrypted logins. And many mail clients give really scary warnings if you try to use unencrypted imap or pop3.

...and how many people still use their ISP's mail as opposed to the "big" providers?

Probably many more than you expect.

I was certainly surprised by how many users there were when I took over responsibility for such mail systems five years or so ago.

In our case the answer is "thousands" -- and we're relatively small.