by nlp 4524 days ago
Nobody seems to be talking about SMTP...

SMTP is the protocol that is used for basically all email, and it does not provide encryption. There are versions of the protocol that DO, however they cannot be used in isolation. Emails hop from source to destination via a bunch of SMTP relay servers, and since nearly all SMTP servers support the legacy protocol and do not support key exchange, encrypted SMTP traffic will bounce.

When you use gmail, your connection to Google is secure. But if the recipient of your message is not @gmail.com, the message leaves Google's servers in plain text over SMTP. If the recipient is @gmail.com, the message stays inside the Google network.

The point is, all of our emails traverse the internet in plain text unless we use custom solutions (e.g. PGP at both endpoints) or send emails within a network (e.g. Gmail to Gmail).

2 comments

Google's (outgoing) servers will use STARTTLS if it is advertised by the destination mail server.
You still have to assume that an ordinary email is a clear-text communication, no matter who you are sending it to, unless you are using PGP or S/MIME.
Never knew, do you have a source on this? Not that I don't believe you, I just want to read more about it. A Chrome extension that shows you if STARTTLS is being used would be really neat.
Source: Me, who runs (among other things) mail servers for an ISP.

ETA:

    Received: from mail-pd0-f169.google.com (mail-pd0-f169.google.com [209.85.192.169])
    	(using TLSv1 with cipher RC4-SHA (128/128 bits))
    	(No client certificate requested)
    	by MAIL.MYDOMAIN.COM (Postfix) with ESMTPS id 1BBFA2909
    	for <ME@MYDOMAIN.COM>; Thu, 23 Jan 2014 23:00:32 -0500 (EST)
How does Chrome have anything to do with this?
This is a server thing. Your mail client, web-based or otherwise, wouldn't know.
You can always add encryption on top of SMTP, as with GPG.
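
The `Received:` header quoted in the thread is where a receiving server records whether a hop used STARTTLS. The following is an added example, not part of any comment above: a Python sketch that classifies each hop of a message from its Postfix-style `Received:` headers. The second hop (`relay.example.net`), the function name `audit_hops` and the verdict labels are constructed for illustration.

```python
import re
from email import message_from_string

# Sample message: the first Received header is the one quoted in the thread;
# the second hop (relay.example.net, plain ESMTP) is constructed for contrast.
SAMPLE = """\
Received: from mail-pd0-f169.google.com (mail-pd0-f169.google.com [209.85.192.169])
\t(using TLSv1 with cipher RC4-SHA (128/128 bits))
\t(No client certificate requested)
\tby MAIL.MYDOMAIN.COM (Postfix) with ESMTPS id 1BBFA2909
\tfor <ME@MYDOMAIN.COM>; Thu, 23 Jan 2014 23:00:32 -0500 (EST)
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby MAIL.MYDOMAIN.COM (Postfix) with ESMTP id 2CCFB3A10
\tfor <ME@MYDOMAIN.COM>; Thu, 23 Jan 2014 23:05:11 -0500 (EST)
Subject: test

body
"""

# "with" protocol keywords that RFC 3848 registers for TLS-protected transfer.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
OLD_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}   # TLS 1.0/1.1 deprecated by RFC 8996
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bby\s+\S+(?:\s+\([^)]*\))?\s+with\s+(\w+)", re.I)
TLS_RE = re.compile(r"\(using\s+(\S+)\s+with\s+cipher\s+(\S+)")

def audit_hops(raw_message):
    """Classify each Received header, newest hop first. Only headers added
    by servers you control are trustworthy; earlier ones can be forged."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        sender = FROM_RE.search(flat)
        proto = WITH_RE.search(flat)
        tls = TLS_RE.search(flat)
        proto = proto.group(1).upper() if proto else None
        version, cipher = tls.groups() if tls else (None, None)
        if proto not in TLS_PROTOCOLS:
            verdict = "plaintext"
        elif version in OLD_VERSIONS or (cipher and "RC4" in cipher):
            verdict = "weak-tls"                  # RC4 is prohibited by RFC 7465
        else:
            verdict = "tls"
        hops.append({"from": sender.group(1) if sender else None, "with": proto,
                     "tls": version, "cipher": cipher, "verdict": verdict})
    return hops

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

A `tls` or `weak-tls` verdict covers only that single server-to-server hop; the message is still stored and relayed in clear text at each server unless it is encrypted end to end.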