Mostly correct.

Most emails are actually encrypted in transit these days; non-TLS SMTP is actually pretty rare these days (estimates say that around 90% is actually TLS encrypted).

You can also publish a policy that an email to your domain has to go through TLS or fail delivery, protecting against active downgrading attacks.

Of course end-to-end encryption is the best, so the SimpleX recommendation (or any other e2e encrypted messenger) stands.
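
The comment above does not name the mechanism; one standard way to publish such a policy is MTA-STS (RFC 8461), which is assumed here. The following is an added example, not part of the comment: it parses a policy file and shows how a sending server decides between delivering and refusing. The `example.com` names and the sample policy are constructed.

```python
# Added example: parse an MTA-STS policy (RFC 8461) and decide what a
# sending MTA should do. Domain names and policy text are constructed.
MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age (about one year)

def parse_policy(text):
    """Parse the key/value body served at /.well-known/mta-sts.txt."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy.setdefault(key, value)  # first occurrence wins
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    max_age = int(policy.get("max_age", "-1"))
    if not 0 <= max_age <= MAX_AGE_LIMIT:
        raise ValueError("max_age out of range")
    policy["max_age"] = max_age
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policy needs at least one mx")
    return policy

def mx_allowed(policy, mx_host):
    """True if mx_host matches an mx pattern; '*.' covers one label only."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            head, _, tail = host.partition(".")
            if head and tail == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(policy, mx_host, tls_ok):
    """tls_ok: STARTTLS succeeded with a certificate valid for mx_host."""
    compliant = tls_ok and mx_allowed(policy, mx_host)
    if policy["mode"] == "enforce" and not compliant:
        return "refuse"  # no fallback to plaintext or to an unlisted MX
    if policy["mode"] == "testing" and not compliant:
        return "deliver-and-report"
    return "deliver"

SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.mx.example.com\nmax_age: 604800\n"
```

Only `mode: enforce` makes delivery fail when TLS is stripped; a policy left in `testing` still lets the message through and only produces a report.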
