91% of incoming email to Gmail uses opportunistic TLS. STARTTLS has proposals to harden its security. MTA-STS uses DNS to advertise a domain will always use TLS for email. DANE/DNSSEC is the ultimate solution though that's very ambitious.
In practice, most emails between major domains will be encrypted over every public link. Only the two providers and the two parties will know either the contents or the metadata.
Whether you can trust the providers is a different discussion. But if you can't trust the companies, then you also couldn't trust most software either. The encrypting and decrypting have to be done somewhere.
In practice, most emails between major domains will be encrypted over every public link. Only the two providers and the two parties will know either the contents or the metadata.
Whether you can trust the providers is a different discussion. But if you can't trust the companies, then you also couldn't trust most software either. The encrypting and decrypting have to be done somewhere.