 Executive summary: step one is having your own domain

Details: Your own email service. Or "self-custody" as they say here. It's actually quite straightforward except for spam control. And that is easy if you go with a whitelist only. More complex is a system for people to apply to correspond by email with you. (Make them use Nostr to do so. :-) (I use Bayesian and other filters, but these are always a headache. I am about to do a compromise and make specific email domains whitelist only. The first will be gmail.com, as that sends 99% of the spam my way.)

First skill is buying and managing your own DNS domain.  Ideally, you should also have your own primary and caching DNS server.  With your own domain, you can "point" your email domain to any service, and shop around without changing your email address.

BUT, say you outsource your DNS server. The DNS providers all offer email service. Use theirs. Using your own domain for email is basic self custody. When you have your own primary and resolving DNS servers going, then you can switch to your own SMTP server as well. Or to another provider that uses your own domain.

Privacy you say? No SMTP provider can supply that. You have to use encryption in your email client. PGP, GPG, S/MIME. (There are more, but those are commonly supported in other people's email clients.)

Advanced topic: Ackshully, ICANN DNS and the TLS cabal allow globalists to cancel you and even read/modify your TLS streams that use cabal CAs. This is more complicated than email, but you should also use private TLDs, and private CAs. You can share the name servers for your private TLD - just like you would share Nostr relays. (Unless you want it to be secret as well.) That is a high barrier for normies, but you could have an ICANN alias for them, or even register a short ICANN domain as your "TLD".

To address the TLS cabal, we get into PKCS#11 policy in your browser to control what domains the CAs loaded are trusted for.
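
The per-domain "whitelist only" compromise from the Details paragraph, sketched as an added example that is not part of the original post. The names `ALLOWLIST_ONLY_DOMAINS`, `ALLOWED_SENDERS` and `classify` are hypothetical, the addresses are constructed, and `dmarc_pass` is assumed to be the DMARC verdict supplied by the receiving mail server, since a bare From header can be forged.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: domains handled as allowlist-only (the post names gmail.com first).
ALLOWLIST_ONLY_DOMAINS = {"gmail.com"}
# Constructed sample of approved correspondents.
ALLOWED_SENDERS = {"alice@gmail.com"}


def classify(raw_message, dmarc_pass):
    """Return 'accept', 'reject', or 'filter' (hand off to the Bayesian filter)."""
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    # A missing From, several From mailboxes, or an unparsable address
    # cannot be matched against the allowlist reliably, so it is rejected.
    if len(senders) != 1 or "@" not in senders[0][1]:
        return "reject"
    # Decide on the address itself, never on the display name, and
    # compare case-insensitively with any trailing dot removed.
    local, domain = senders[0][1].strip().lower().rsplit("@", 1)
    domain = domain.rstrip(".")
    if domain not in ALLOWLIST_ONLY_DOMAINS:
        return "filter"  # other domains keep going through the normal filters
    # Allowlist-only domain: the sender must be approved AND authenticated,
    # otherwise anyone could write an approved address into the header.
    if f"{local}@{domain}" in ALLOWED_SENDERS and dmarc_pass:
        return "accept"
    return "reject"


if __name__ == "__main__":
    # Constructed messages: an approved sender, then a display-name lookalike.
    samples = [
        ("From: Alice <Alice@Gmail.com>\nSubject: hi\n\nhello", True),
        ('From: "alice@gmail.com" <mallory@example.net>\n\nhello', True),
    ]
    for raw, verdict in samples:
        print(classify(raw, verdict))
```
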