In terms of transport security, ensure you control the server on your end and enforce TLS and certificate validation of the servers you converse with. Postfix+Dovecot are a popular solution for personal use or small orgs. For a business, consider CommuniGate mail server. If you can't host the mail server, then use a mail provider you feel you can trust from a legal and jurisdiction perspective.
In terms of payload security, gpg encrypt your messages. Exchange gpg public keys with the other parties in a secure manor. Avoid gpg key servers if you are privacy conscious.
Disable HTML, CSS and Javascript in your mail reader. Enforce plain text. Use an application firewall on the machine your mail client resides and ensure it can only connect to your mail server and nowhere else.
If feasible, use plugins on your mail server and/or on your mail client that convert all manor of hyperlinks and URL's into sanitized links that are not clickable. Strip out all forms of HTML.
