I believe you're right but don't know enough about the real back end magic to confirm. I want to say I once read that the DM was always broadcast to all servers but that seems pointless.
What matters is that dm's are not private and should not be considered private, both in transit (during sending) and at rest (copy sitting at each server)

[–] LifeInMultipleChoice@lemmy.world 7 points 2 days ago* (last edited 2 days ago)

Someone could point out where I am wrong but essentially it is the same as a standard email in that there is a plain text copy stored in both the send and receive instance. Maybe it is easier to think of as just another comment where instead of @domain.xyz has read access, just the specified user@domain.xyz has read access. The server admins could still see them if they wanted to, just like Yahoo, Google, etc can in plain text (which is how SPAM filters often work, as in if the email was actually encrypted they wouldnt know the content inside it to try to filter it out.)

More end to end options are coming to the fediverse, (Matrix has been around, I saw something last week another was coming) but really most people don't ever encrypt data they send to others, and don't care usually.

See: Epsteins emails being accessible without decrypting anything. There were people who supposedly found his password in the released files, and just logged into outlook or whatever with it. End to end encryption should have required them to have s/mime (handshake performed) on that specific device to see the emails, so it would have all been garbledegook. Aka plaintext was stored on both server ends until deleted by the companies/users.