[tacticalogic]

Anyway, the takeaway is: once your traffic (packets) - which includes HTTP requests, email transfers, etc. - leaves your computer there is no telling how they get to their destination. Anyone can see them. Anyone. That's why "secure" web traffic encrypts data.

You can't really compare HTTP traffic to SMTP. HTTP is typically "point to point" - it's routed directly from the client to the server without being "at rest" anywhere in between. HTTPS is used to secure that traffic. This is a "transport layer" encryption - the data stream is encrypted on one end, and decrypted by the receiving system. Email (SMTP) traffic may pass through multiple mail servers on it's way to it's final recipient. SMTP can also use transport layer encryption to secure the data between servers, but it will be sitting unencrypted on any mail server in the chain between the sender and recipient's mail servers and is available to anyone who has access to those servers.

[palmer]

SMTP can also use transport layer encryption to secure the data between servers, but it will be sitting unencrypted on any mail server in the chain between the sender and recipient's mail servers

SMTP goes from the sender's email server to the recipient's email server. It does not and cannot go to any servers in between. Perhaps you are think of routers? In that case yes, any routers anywhere could have routed the SMTP connection.

[Bob]

Even the “point to point” nature of HTTP or HTTPS traffic has the packets passing through multiple servers along the way. Any server forwarding such packets could certainly retain copies if it’s set up to do that.