Mastercard/Visa rules are clear that the CVV may not be stored in any form. Sending the CVV over email is storing as the message is sent to a mail server where it is retained. Moreover, sending any card data over email is extremely insecure, especially in plain-text.
All that's needed to process a card in most instances is the number, expiration date, and CVV. If the email contained the CVV, and 8-digits of the card number, it's entirely possible to guess the expiration date and the other 8 digits, as the first four digits tell you the card type and the Luhn alogrithm narrows it down significantly.
PCI also states that any portion of the card number stored must be encrypted. This includes the last four digits as well, so again, sending that in plain-text over email is a big no-no.