Okay, so … hm.
So having caught up on all of that, I don’t know whether or not riseup is compromised, but that’s almost beside the point to me. With consideration for their wishy-washy sort of interfacing with users, I think I’ll pass on using them. I know no solution is perfect or bulletproof, but I don’t think consistent reliability is too much to ask for, in this context.
So I checked out Whonix’s email wiki, detailing alternative options, threats, and so forth.
The Threats chapter above states “e-mail is always a single point of failure”. It doesn’t really matter, apart from privacy by policy, no e-mail provider can significantly improve privacy by design. The most important thing about e-mail providers you should ask about e-mail providers is: Will they tolerate me signing up by Tor and exclusively using the e-mail service over Tor?
With that in mind, I considered following the instructions outlined in the same wiki for establishing a Gmail account over Tor, being sure to use PGP for all correspondences. But then there’s this:
Recommended against. Not Tor friendly. It would be very difficult to sign up using Tor and to exclusively use it over Tor. They most likely ask for phone verification and this is almost impossible to do without jeopardizing anonymity.
While prepaid devices are an option for SMS verification, privacy concerns still linger. Plus, just because Google claims I’d be able to reliably login over Tor upon initial sign-up doesn’t necessary make it so. We know theory doesn’t always translate to practice.
So, I will continue exploring my options. In the meantime, if you have any specific recommendations, especially for hosts, please do advise. And thank you again for your input.