
Efail worked with the default settings on almost all clients except Mutt. Most email clients do not have a "plain text" mode. They all display emails as HTML and apply some formatting to make the "plain text" mode be monospaced.

Also, one of the Efail exploits (the CDC gadget) was a cryptographic vulnerability. The fact you could manipulate the ciphertext to inject HTML tags such that GPG wouldn't scream bloody murder (because the MDC wasn't required and had very odd semantics, where GPG would output data to the caller before it had been authenticated and clients showed it as a warning and still rendered the HTML exploit) was definitely at its core a cryptographic bug.

All of this was explained in significant detail in the CCC talk about Efail[1].

[1]: https://media.ccc.de/v/35c3-9463-attacking_end-to-end_email_...
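
The behaviour the comment describes (GPG handing data to the caller before the MDC has been checked) means a caller has to buffer the output and decide from gpg's `--status-fd` stream whether to display it at all. The following is an added example, not part of the original comment and not any mail client's code; the status keywords are GnuPG's documented ones, while the function names, the policy of requiring `GOODMDC`, and the three sample status streams are constructed for illustration.

```python
from typing import Iterable, Optional, Set

PREFIX = "[GNUPG:] "
FATAL = {"BADMDC", "DECRYPTION_FAILED"}      # any of these: never render
REQUIRED = {"GOODMDC", "DECRYPTION_OKAY"}    # all of these: integrity was verified

def status_keywords(lines: Iterable[str]) -> Set[str]:
    """Collect status keywords, ignoring human-readable 'gpg: ...' log lines."""
    seen = set()
    for line in lines:
        line = line.strip()
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                seen.add(fields[0])
    return seen

def release_plaintext(status_lines: Iterable[str], buffered: bytes,
                      exit_code: int) -> Optional[bytes]:
    """Return the buffered plaintext only if gpg reported a verified MDC.

    The caller must have collected gpg's entire stdout into `buffered`
    before calling this; nothing is passed to an HTML renderer earlier.
    A warning alone is treated as failure (a conservative assumption).
    """
    seen = status_keywords(status_lines)
    if exit_code != 0 or (seen & FATAL) or not REQUIRED <= seen:
        return None
    return buffered

# Constructed sample status streams (not captured from a real run).
GOOD = ["[GNUPG:] BEGIN_DECRYPTION", "[GNUPG:] DECRYPTION_INFO 2 9",
        "[GNUPG:] PLAINTEXT 62 0 ", "[GNUPG:] DECRYPTION_OKAY",
        "[GNUPG:] GOODMDC", "[GNUPG:] END_DECRYPTION"]
TAMPERED = ["[GNUPG:] BEGIN_DECRYPTION", "[GNUPG:] DECRYPTION_INFO 2 9",
            "[GNUPG:] PLAINTEXT 62 0 ", "[GNUPG:] BADMDC",
            "[GNUPG:] DECRYPTION_FAILED", "[GNUPG:] END_DECRYPTION"]
# Models a message with no MDC that is accepted with only a warning.
NO_MDC = ["[GNUPG:] BEGIN_DECRYPTION", "[GNUPG:] DECRYPTION_INFO 0 9",
          "gpg: WARNING: message was not integrity protected",
          "[GNUPG:] DECRYPTION_OKAY", "[GNUPG:] END_DECRYPTION"]

if __name__ == "__main__":
    for name, st, rc in (("good", GOOD, 0), ("tampered", TAMPERED, 2),
                         ("no-mdc", NO_MDC, 0)):
        print(name, release_plaintext(st, b"body", rc))
```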


