- Include your PGP key.

I can't send you an encrypted response if you don't.

- Verify my PGP key.

The only source you should trust is this website's page containing my PGP key. A key that originates from any other source may be that of an imposter. 

- Use a strong encryption standard.

Using a quantum-proof standard is best. We must work to stay informed on new developments in Cryptography - both new cryptography standards, and new attacks.

- Don't use an email provider that spys on you. PLEASE!

If you're sending from a Google, Yahoo, Outlook, or similar address, don't get a false sense of security - everything you are typing as you compose your email is being sent back to a data-center, mostly used for tailored advertising. Example from Google's Privacy Policy