
There are defenses against those attacks, though. You can configure your SMTP server to require TLS, and to accept only path-validated TLS certificates from trusted certificate authorities. This will prevent an adversary from forcing your traffic to plaintext, and will prevent them from substituting a bogus self-signed certificate. With these protections in place, one can achieve a fairly good measure of security with basic email.

This only works if you're also forcing DNSSEC: otherwise, the attacker can substitute their own MX in your DNS responses.
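The two comments above, modeled as a sender-side delivery policy. This is an added example and not part of either comment; the `Attempt` fields, the `decide` function and all host names are constructed for illustration and do not correspond to any particular mail server's settings.

```python
from dataclasses import dataclass

@dataclass
class Attempt:
    """One outbound delivery as the sending MTA sees it (constructed model)."""
    name: str
    mx_host: str              # host name taken from the MX answer
    mx_dnssec_valid: bool     # was the MX answer DNSSEC-validated?
    starttls_offered: bool    # did the peer advertise STARTTLS?
    cert_chain_trusted: bool  # does the chain validate to a trusted CA?
    cert_names: tuple = ()    # DNS names in the presented certificate

def decide(a, require_tls=True, require_valid_cert=True, require_dnssec=True):
    """Return 'deliver' or 'defer: <reason>' for one attempt under a policy."""
    if require_dnssec and not a.mx_dnssec_valid:
        return "defer: MX answer not DNSSEC-validated"
    if not a.starttls_offered:
        return "defer: STARTTLS not offered" if require_tls else "deliver"
    if require_valid_cert and not a.cert_chain_trusted:
        return "defer: untrusted certificate chain"
    if require_valid_cert and a.mx_host not in a.cert_names:
        return "defer: certificate does not match MX host"
    return "deliver"

# Constructed scenarios; all host names are placeholders.
SCENARIOS = [
    Attempt("legitimate", "mx.example.net", True, True, True, ("mx.example.net",)),
    Attempt("starttls_stripped", "mx.example.net", True, False, False),
    Attempt("self_signed", "mx.example.net", True, True, False, ("mx.example.net",)),
    # Forged MX answer: the certificate is valid, but for the substituted host.
    Attempt("spoofed_mx", "mx.rogue.example", False, True, True, ("mx.rogue.example",)),
]

def evaluate(**policy):
    """Map scenario name to decision under the given policy flags."""
    return {a.name: decide(a, **policy) for a in SCENARIOS}

if __name__ == "__main__":
    for label, policy in (("TLS + CA validation only", {"require_dnssec": False}),
                          ("TLS + CA validation + DNSSEC", {})):
        print(label)
        for name, verdict in evaluate(**policy).items():
            print(f"  {name:18} {verdict}")
```

With DNSSEC not required, the certificate check passes in the `spoofed_mx` case because the name being verified came from the forged MX answer itself.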


