This is why it's vital to run your own email server. It's not hard -- "apt-get install exim4 sa-exim" will give you a decent state that's working out of the box (you can adjust it further if you know how), requires hardly any maintenance, and can be shared with friends/family who don't know what a "server" is.
If you run your own mail, any secret warrants (or warrantless expeditions!) are out, except for man-in-the-middle attacks (ordinary SSL being no-good because it's trivial to silently disable). And those can be stopped once DNSSEC+DANE support becomes mainstream. In Debian, this means postfix or exim from unstable/testing. If you configure your mail server for DANE, everyone with a DANE-capable MTA will send mail to your box securely.