What protocols and servers are involved in sending an email, and what are the steps?

The SMTP server at Gmail (which accepted the message from Thunderbird) will route the message to the final recipient.

It does this by using DNS to find the MX (mail exchanger) record for the domain name part of the destination email address (hotmail.com in this example). The DNS server will return an IP address which the message should be sent to. The server at the destination IP address will hopefully be running SMTP (on the standard port 25) so it can receive the incoming messages.

Once the message has been received by the hotmail server, it is stored until the appropriate user logs in and retrieves their messages using POP (or IMAP).

Jason - to answer your follow up...

Then, SOMESERVER uses SMTP again to send the message to RECEIVESERVER.com on port 25 (not smtp.mail.RECEIVESERVER.com or anything fancy).

That's correct - the domain name to send to is taken as everything after the '@' in the email address of the recipient. Often, RECEIVESERVER.com is an alias for something more specific, say something like incoming.RECEIVESERVER.com, (or, indeed, smtp.mail.RECEIVESERVER.com).

You can use nslookup to query your local DNS servers (this works in Linux and in a Windows cmd window):

nslookup
> set type=mx
> stackoverflow.com
Server:         158.155.25.16
Address:        158.155.25.16#53

Non-authoritative answer:
stackoverflow.com       mail exchanger = 10 aspmx.l.google.com.
stackoverflow.com       mail exchanger = 20 alt1.aspmx.l.google.com.
stackoverflow.com       mail exchanger = 30 alt2.aspmx.l.google.com.
stackoverflow.com       mail exchanger = 40 aspmx2.googlemail.com.
stackoverflow.com       mail exchanger = 50 aspmx3.googlemail.com.

Authoritative answers can be found from:
aspmx.l.google.com      internet address = 64.233.183.114
aspmx.l.google.com      internet address = 64.233.183.27
>                  

This shows us that email to anyone at stackoverflow.com should be sent to one of the gmail servers shown above.

The Wikipedia article mentioned (http://en.wikipedia.org/wiki/Mx_record) discusses the priority numbers shown above (10, 20, ..., 50).

You're looking for the Mail Transfer Agent, Wikipedia has a nice article on the topic.

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.

The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

You might also be interested to know why the GMail to HotMail link uses SMTP, just like your Thunderbird client. In other words, since your client can send email via SMTP, and it can use DNS to get the MX record for hotmail.com, why doesn't it just send it there directly, skipping gmail.com altogether?

There are a couple of reasons, some historical and some for security. In the original question, it was assumed that your Thunderbird client logs in with a user name and password. This is often not the case. SMTP doesn't actually require a login to send a mail. And SMTP has no way to tell who's really sending the mail. Thus, spam was born!

There are, unfortunately, still many SMTP servers out there that allow anyone and everyone to connect and send mail, trusting blindly that the sender is who they claim to be. These servers are called "open relays" and are routinely black-listed by smarter administrators of other mail servers, because of the spam they churn out.

Responsible SMTP server admins set up their server to accept mail for delivery only in special cases 1) the mail is coming from "its own" network, or 2) the mail is being sent to "its own" network, or 3) the user presents credentials that identifies him as a trusted sender. Case #1 is probably what happens when you send mail from work; your machine is on the trusted network, so you can send mail to anyone. A lot of corporate mail servers still don't require authentication, so you can impersonate anyone in your office. Fun! Case #2 is when someone sends you mail. And case #3 is probably what happens with your GMail example. You're not coming from a trusted network, your just out on the Internet with the spammers. But by using a password, you can prove to GMail that you are who you say you are.

The historical aspect is that in the old days, the link between gmail and hotmail was likely to be intermittent. By queuing your mail up at a local server, you could wash your hands of it, knowing that when a link was established, the local server could transfer your messages to the remote server, which would hold the message until the recipient's agent picked it up.