Unfortunately, STARTTLS is subject to service degradation attacks and it is very common for email servers to use unsigned keys. Simply enabling STARTTLS protects against passive attacks, but until email servers refuse connections that do not create a TLS session with proper certs, email will remain subject to MITM attacks. Meanwhile, this failure mode is a usability problem for email. My experience with notifying companies about insecure email practices has been extremely disappointing, even among those that should know better (like national labs and financial institutions).
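As an added illustration of the failure mode described in the comment above (example code written here, not the commenter's), the client below implements the "refuse rather than fall back" policy: it will not send over a session where STARTTLS is missing from the EHLO response or where the certificate does not verify against the system trust store. It is exercised against a constructed local server that answers EHLO without ever advertising STARTTLS, which is exactly what a stripped or degraded session looks like to the client; the hostname `mail.example.test`, the server and function names, and the returned decision strings are all assumptions of this example. The untrusted-certificate branch is only reached against a real server presenting an unverifiable certificate.

```python
"""Mandatory-TLS SMTP client check (example code, not from the original thread).

A stock opportunistic sender delivers in cleartext when STARTTLS is absent or the
certificate is bad. This client returns a refusal in both cases instead.
"""
import smtplib
import socketserver
import ssl
import threading

# Decisions a mandatory-TLS sender makes after the EHLO/STARTTLS exchange
# (constructed labels for this example).
REFUSE_NO_STARTTLS = "REFUSE_NO_STARTTLS"  # STARTTLS not offered (misconfigured
                                            # server, or capability stripped on path)
REFUSE_BAD_CERT = "REFUSE_BAD_CERT"        # TLS started but the cert did not verify
OK = "OK"                                  # verified TLS session established


def check_outbound_tls(host, port, context=None, timeout=5.0):
    """Connect, EHLO, and return (decision, detail) without ever sending mail."""
    if context is None:
        # Verifies the chain against the system trust store and checks the
        # hostname, so unsigned/self-signed certificates are rejected.
        context = ssl.create_default_context()
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            smtp.quit()
            return REFUSE_NO_STARTTLS, "server did not advertise STARTTLS"
        try:
            smtp.starttls(context=context)
        except ssl.SSLCertVerificationError as exc:
            return REFUSE_BAD_CERT, exc.verify_message
        except ssl.SSLError as exc:
            return REFUSE_BAD_CERT, str(exc)
        smtp.ehlo()  # RFC 3207: re-issue EHLO once the TLS session is up
        version = smtp.sock.version()
        smtp.quit()
        return OK, version
    finally:
        smtp.close()


class _DowngradedSMTPHandler(socketserver.StreamRequestHandler):
    """Constructed test server: enough SMTP to greet and answer EHLO, but it
    never lists STARTTLS, so a mandatory-TLS client must refuse."""

    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP (constructed test server)\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            verb = line.split(b" ", 1)[0].strip().upper()
            if verb in (b"EHLO", b"HELO"):
                # Multi-line 250 reply with no STARTTLS capability.
                self.wfile.write(b"250-mail.example.test\r\n250 SIZE 10240000\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 Command not implemented\r\n")


def start_downgraded_server():
    """Start the constructed no-STARTTLS server on an ephemeral localhost port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _DowngradedSMTPHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_downgraded_server()
    try:
        print(check_outbound_tls("127.0.0.1", port))  # decision: REFUSE_NO_STARTTLS
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `check_outbound_tls` at a real MX (port 25 or 587) instead of the local server shows the second refusal path: a server that offers STARTTLS but presents a self-signed or mismatched certificate yields `REFUSE_BAD_CERT` with the verifier's reason, whereas `smtplib` on its own would happily continue.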
Correct me if I'm wrong, but wouldn't this mean that only the email stored on the recipient's email provider's server was then unencrypted?