If you use Gmail via webmail at https://mail.google.com or have a MUA like smtpmail.el in Emacs connect to smtp.gmail.com, Gmail is still sending your mail.
We trust the postal office to act as a reliable dumb pipe. Most email services are far from that: they filter inbound email in a way you have little control of. They spy inbound and outbound mail, and use that information to send you ads.
Also, they control your right to send and receive email: if your account is terminated for some reason (they reserve the right to, blah, blah), you cannot move to a new provider, or redirect inbound mail or nothing: they own your email address.
I mean, if you want to make the point that e-mail is not secure, you can say "e-mail is not secure." That's a statement that actually makes sense. Your false pedantry isn't convincing anyone to agree with you, it just makes you sound like a crackpot.
Oh, it's much worse than "email is insecure". It's more like "somebody else controls your email, and they don't have your best interest in mind". What did you think Alphabet was, a charity?
Besides, there's more to it than (in)security. For instance, what happens to your various accounts tied to your email if your account gets terminated? You will not be able to redirect your incoming emails, and notifying your friends will be difficult if you relied on the web interface's address book.
Also, it's a hole ecosystem: if you use a big webmail, then you allow your provider to spy on everyone you exchange emails with. If you have the means to avoid those, it is your responsibility to do so. Surely you don't like inflicting this kind of spying on your friends, do you?
So far, the only reliable way to have proper control over our own email is to control our own domain name, and operate our own mail server. Or at least use small, trustworthy providers. In other words, "send our own email".
It's intellectual property/monopoly all over again. One will chose the terms that suits one's side of the debate. I side for privacy, security, and reliability; and argue that webmail providers do not provide any of them. This thread is the first time my "sending one's own email" wording hasn't been an unmitigated success.
Virtually everyone is clueless. I mean it, most people don't know the first thing about computers, or networks, or how data flows when they send an email or even read a web page. Many others underestimate the actual price they pay for their supposedly free web mail.
The issue here is one of control: relays can basically read every mail they relay, and the likes of Gmail do. Spying on you is how they make money. No targeted ad would be possible otherwise. And the automation only makes it worse (because it scales, and can be repurposed).
And the user can do nothing about it. That total lack of control is why I maintain they do not, in fact, send their own email. Now there's PGP, but that would look conspicuous. If everyone had their own mail server, TLS alone would provide pretty good security.
What angers me the most is, even I don't have a choice: most of my friends use a big webmail provider, which invades my privacy whenever I communicate with them. This would never happen if we all had our own mail servers.
> Now there's PGP, but that would look conspicuous.
Also, it doesn't hide the authenticated user, envelope mail from or envelope rcpt to values used in the message, unless, like you said, the sender and recipient(s) are using their own SMTP servers.
I remember when everyone could have their very own mail servers. Never since have I been offered such a vast and varied selection of ways to increase the size of my penis.
Virtually no one else reads that book. To everyone else, the user operating the MUA is sending their own email.