
The only reason for this would be that gmail -> gmail email doesn't leave their servers. However, I think it's irresponsible to suggest emailing oneself private information without explaining the caveat, because others might, say, do the same thing from their work email to their gmail account, and consequently send private data in the clear through random mail servers.


The GMail smtp service supports STARTTLS for incoming mail. It could very well be encrypted every single hop, from sending client to origin SMTP relay, from SMTP relay to GMail, and then from GMail to receiving IMAPS client.

The situation is a lot better than it was a handful of years ago. It's not quite the "don't ever do this!" it once was.


It doesn't just support it, it requires it.


GMail does not require STARTTLS.

I am sure you can send email to GMail accounts with unencrypted SMTP. Just look at the incoming "Received" headers. If they do not contain a "cipher=" section, the connection was not encrypted.

I think what you mean is that GMail requires you to use https for their web interface.
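The header check described in the comment above, as an added example that is not part of the thread: it walks a message's `Received` headers and flags each hop that carries no TLS marker. The sample message, the function name `hop_report` and the marker patterns are constructed assumptions; header formats vary by MTA, and only headers added by servers you trust are reliable, since earlier hops can write anything.

```python
import email
import re

# Constructed sample: the newest hop (top header) used TLS, the older one did not.
SAMPLE = """\
Received: from mail.example.org (mail.example.org. [192.0.2.10])
        by mx.google.com with ESMTPS id abc123
        for <user@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 01 Jan 2024 10:00:02 -0800 (PST)
Received: from workstation.example.org (unknown [198.51.100.7])
        by mail.example.org with ESMTP id def456
        for <user@gmail.com>; Mon, 01 Jan 2024 18:00:01 +0000
From: sender@example.org
To: user@gmail.com
Subject: constructed test message

body
"""

# Heuristic markers that a hop was encrypted (assumed patterns, not exhaustive):
TLS_MARKERS = [
    re.compile(r"\bcipher=[\w-]+"),                          # the "cipher=" section
    re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?)\b", re.I),    # RFC 3848 "with" types
    re.compile(r"\busing\s+TLS", re.I),                      # e.g. "(using TLSv1.2 ...)"
]

def hop_report(raw_message):
    """Return [(receiving_host, encrypted)] for each Received header, newest first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)   # host that accepted this hop
        encrypted = any(p.search(flat) for p in TLS_MARKERS)
        hops.append((by.group(1) if by else "?", encrypted))
    return hops

def unencrypted_hops(raw_message):
    """Hosts that accepted the message over a connection with no TLS marker."""
    return [host for host, enc in hop_report(raw_message) if not enc]

if __name__ == "__main__":
    for host, enc in hop_report(SAMPLE):
        print(f"{host}: {'TLS' if enc else 'no TLS marker'}")
```

A missing marker shows only that the receiving server did not record TLS for that hop, so a clean report on one message says nothing about the path the next message will take.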


> I think what you mean is that GMail requires you to use https for their web interface.

gmail requires STARTTLS (or ssmtp) when an authenticated user submits outbound mail to them via SMTP (http://support.google.com/mail/bin/answer.py?hl=en&answe...), which is what he may have been mis-remembering. But, yes, it is incorrect that all mail sent to gmail.com addresses is TLS encrypted.


I feel kinda dirty sticking up for Jeff here - but that means if you _know_ your outbound mail always uses TLS when available, then maybe the security-in-transit concerns are eliminated. (I don't even know where I'd start trying to find out if all my possible ways of sending myself mail can be conclusively determined to be using TLS though.)


That would be a perfect counter argument, except the point mentioned in the article specifically related to getting passwords sent to you from other services.


> GMail does not require STARTTLS.

    $ telnet smtp.gmail.com 587
    Trying 173.194.67.108...
    Connected to gmail-smtp-msa.l.google.com.
    Escape character is '^]'.
    220 mx.google.com ESMTP ea6sm27303065wib.5
    HELO zwp
    250 mx.google.com at your service
    AUTH PLAIN [elided]
    530 5.7.0 Must issue a STARTTLS command first. ea6sm27303065wib.5



    $ telnet smtp.gmail.com 587 
    Trying 173.194.67.109...
    Connected to gmail-smtp-msa.l.google.com.
    Escape character is '^]'.
    220 mx.google.com ESMTP ff2sm43397967wib.9
    HELO zwp
    250 mx.google.com at your service
    MAIL FROM:<test@example.com>
    530 5.7.0 Must issue a STARTTLS command first. ff2sm43397967wib.9


Please try your test again on port 25, which is the port that server-to-server e-mail would use, as the post above yours said that it is possible to send e-mail to @gmail.com without using STARTTLS. This is, in fact, not only possible but required. Otherwise, @gmail.com would be inaccessible to any e-mail address using an MTA that does not support or is not configured for TLS.


This is outgoing SMTP. It does not require it for _incoming_ SMTP.




