[deepsun]

And Email protocol backbone itself was not designed to be secure.

It's worse than internet packets over HTTPS -- the secure connection is established between client and server, so man-in-the-middle cannot decrypt it. In email, connections are only secure between relays, so any relay can decrypt read your email. You cannot guarantee what relays are used. Similar to SMS.

[FireBeyond]

This might have been the case back in the day - in the 90s, young me would get a kick out of seeing just how many SMTP servers my email passed through. But now, email communication is "essentially" point-to-point, and relays in use are configured/whitelisted.

My SMTP server will pull up your MX and talk directly to it. It might be your Exchange server, a Google server, or a third-party scanner that then sends on to your "real" MX.

But gone are the days of "Hey, I only know a few places to send this message, so I'll send to one of them and they'll forward it". Nor can you do anything akin to route poisoning or other things to try to insert yourself into the message flow.

[deepsun]

That's good to hear, however, as a compliance officer, what evidence I can provide to an auditor that our email communications are indeed encrypted?