1. On today's internet, the sender's mail server almost always talks directly to the receiver's mail server anyway, both so that random intermediate servers don't see the message and (mostly) as a spam mitigation measure.
2. That MX-to-MX connection will usually happen over TLS, which is encrypted.
3. Almost always, the clients will connect to their respective mail servers over an encrypted connection.
So in practice that kind of injection isn't really feasible.
1. On today's internet, the sender's mail server almost always talks directly to the receiver's mail server anyway, both so that random intermediate servers don't see the message and (mostly) as a spam mitigation measure.
2. That MX-to-MX connection will usually happen over TLS, which is encrypted.
3. Almost always, the clients will connect to their respective mail servers over an encrypted connection.
So in practice that kind of injection isn't really feasible.