The case seems to describe the technical ability, rather than consent given in the terms, for staff to read messages. If anything, I think we should treat these differently, perhaps split it into two cases. IMHO, consent given to read the messages should be the blocker case and technical ability should perhaps just be bad?
For I think even forums that use the free and open source software Discourse, like this one right here, don’t encrypt messages end-to-end, and would otherwise get this blocker case. We should take into consideration whether or not users have the expectation that they’re using a secure means of communication. On the other hand, the service in question does seem to raise the expectation to be a secure and privacy oriented suite, so it is indeed surprising that their e-mail is not e2e encrypted.