with mass services requiring mandatory phone number binding I think being in user mass is a viable option - you cannot get reliable “secondary” email anymore and people don’t look through data leak dumps by eyes anyway, script doesn’t care about email address string - it all becomes hash anyway. Whois protection is pretty reliable to divert snooping 3rd-parties.

As for expensive… yeah, sad state of affairs is that there’s nothing cheap about hosting your own infrastructure. Price of not really trusting anyone or having obscure technical requirements.

Encryption in transit is pretty much solved these days with TLS, what OP wants is E2E - encryption from sender to recipient with no intermediate parties having an idea about contents of the message. Problem with E2E is inconvenience: emails are inaccessible without private keys and key management is pain. Users don’t want additional headache of managing their keys between bajillion of devices where they might use emails

get a domain name, host stalwart somewhere and set up email with this new domain there, get receipt emails there and autoforward it to your main email with S/MIME, gpg or whatever enabled.

usual disclaimer ‘do not host your email blablabla’ (at least don’t get fucking digitalocean ‘droplet’ for it), but there’s no other way around that, ecommerce won’t enable shit.