All her emails were unencrypted, 100% of them. But the relevant question is whether they used link encryption. The answer is a little murky. By the time the server was noticed in 2015, it was using Exchange 2010 with a web interface with HTTPS. That was hosted at a hosting center. But from Jan to March 2009 there was no link encryption, and from March 2009 to Oct 2010 they probably used HTTPS. If IMAP and SMTP were used during that time, it is not known whether they were protected with SSL. Presumably after Oct 2010 they used HTTPS, but that is not definitive.
I am trying to grasp the significance of why it is apparently an important distinction that it was the email server TRAFFIC that was compromised, not a login to the server itself and retrieval of the emails that way.
I can feel the significance of it in my head, I can almost pin it down logically, but I just cannot put my finger on it. It eludes me...I have to go listen to the podcast again. If I can discern his emphasis on it, I will post it here to provide the context.