Password Reset emails missing TLS leads account takeover
RubyGems
Reported by
c0rte
Vulnerability Details
Technical details and impact analysis
Hi,
I saw that the email is sent in clear text instead of over TLS (Transport Layer Security); any man-in-the-middle attacker is able to read these sensitive emails and get the password reset link, which leads to account takeover.
Email details:
from: [email protected]
to: [email protected]
date: Fri, Sep 30, 2016 at 10:31 PM
subject: Change your password
mailed-by: rubygems.org
encryption: ec2-52-43-250-235.us-west-2.compute.amazonaws.com did not encrypt this message
Thanks,
Diogo Real
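As an added example (not code from this report or from RubyGems.org), the following Ruby check walks the Received: header chain of a raw message and lists the hops that carried it without TLS, which is the same information a webmail "did not encrypt this message" notice is derived from. The sample message, host names and addresses are constructed.

```ruby
# Inspect the Received: header chain of a raw message and flag hops that were
# delivered without TLS. RFC 3848 registers ESMTPS/ESMTPSA as the "with"
# protocol names for SMTP sessions protected by STARTTLS; some MTAs instead
# add a "(using TLSv1.2 ...)" or "(version=TLS1_2 ...)" note.

# Unfold continuation lines (RFC 5322 section 2.2.3) and return the values of
# all Received: headers in the order they appear (last hop first).
def received_headers(raw)
  unfolded = raw.gsub(/\r?\n[ \t]+/, " ")
  unfolded.each_line.map(&:chomp)
          .select { |l| l.match?(/\AReceived:/i) }
          .map { |l| l.sub(/\AReceived:\s*/i, "") }
end

# Classify one hop: sending host, "with" protocol, and whether the session
# was encrypted. Hops without a "from" clause are local handoffs.
def classify_hop(value)
  from = value[/\Afrom\s+(\S+)/, 1]
  proto = value[/\bwith\s+([A-Za-z0-9-]+)/, 1]
  encrypted = proto.to_s.match?(/\AESMTPSA?\z/i) ||
              value.match?(/\((?:using\s+)?TLS|version=TLS/i)
  { from: from, protocol: proto, encrypted: encrypted }
end

# Only the network hops that moved the message in clear text.
def cleartext_hops(raw)
  received_headers(raw).map { |v| classify_hop(v) }
                       .select { |h| h[:from] && !h[:encrypted] }
end

# Constructed sample: a reset mail that left the application host over plain
# SMTP (second header) and was then relayed onward with STARTTLS (first header).
SAMPLE = <<~MAIL
  Received: from mx.example.net (mx.example.net [192.0.2.10])
          by inbox.example.com with ESMTPS id x1
          (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
          Fri, 30 Sep 2016 22:31:00 +0000
  Received: from app-host.example.org (app-host.example.org [203.0.113.5])
          by mx.example.net with ESMTP id y2;
          Fri, 30 Sep 2016 22:30:58 +0000
  Subject: Change your password

  Click the link below to reset your password.
MAIL

if __FILE__ == $PROGRAM_NAME
  cleartext_hops(SAMPLE).each { |h| puts "cleartext hop from #{h[:from]} (#{h[:protocol]})" }
end
```

A mail administrator can run the same check over a message sent to a mailbox they control to confirm that every hop from the application host onward used STARTTLS.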
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Authentication - Generic