updated 10:26 am EDT, Tue July 15, 2014
Old me.com and mac.com addresses also covered
Apple has started encrypting email traffic between iCloud and third-party services, according to data from a Google transparency website. This includes messages from older me.com and mac.com accounts. The move follows Apple promises in June that encryption would expand beyond iCloud-to-iCloud exchanges, something essential given the greater popularity of services like Google's Gmail.
The new encryption is believed to be relatively weak however, using the RC4-128 standard instead of something like AES-128. One security researcher contacted by 9to5Mac notes that the National Security Agency has possibly cracked RC4-128, although there is no direct proof of this.