Unless the e-mail you send is either encrypted with something like PGP or whatever, or else you send it directly from your machine your friend's SMTP server, using TLS, then the operator of any SMTP forwarding host in between could have your e-mail, not to mention someone just snooping traffic.
Speaking of encrypted e-mail, if you send that to a gmail user, then Google only has the fact that that user received an e-mail of a certain size from you on a certain date. People who are paranoid about which data warehouse has their mail should be using encryption.
>...or else you send it directly from your machine your friend's SMTP server, using TLS, ...
That is normally what happens these days. Intermediate email forwarding is so rare as to be non-existent. Only a small percentage of email is sent unencrypted between servers[1].
Agreed that email should be encrypted and, perhaps more importantly, signed...
> Intermediate email forwarding is so rare as to be non-existent.
Where did you get this belief? Almost no e-mail user who uses a client to send SMTP right from their PC or mobile device can send directly to their destination, because they don't have a static IP address with e-mail reputation.
Directly to the destination meaning: looking up the MX record for the domain of target e-mail address, and contacting that host.
People who self-host such e-mail receiving hosts will themselves drop the connection from such a user, if they implement RBL-based anti-spam measures.
Speaking of encrypted e-mail, if you send that to a gmail user, then Google only has the fact that that user received an e-mail of a certain size from you on a certain date. People who are paranoid about which data warehouse has their mail should be using encryption.