> Am I just too paranoid about email?
You are not. I always say your email account is the most valuable thing you own. You need to keep it more secure than even your bank account (because that is easy to recover and rollback if stolen)
My password manager and email are the two things I own that require three factors to access - username, password, and hardware authenticator.
No way in hell I’m going to even consider using a new webmail product from a small startup.
I agree that it's very important not to lose control of your email account. Someone taking it over would be very bad indeed.
On the other hand, I don't have very high expectations when it comes to the security of the actual email messages. I don't control the other end at all. Email infrastructure, software and protocols are old and varied. Keeping those messages secure seems a bit hopeless.
Username and passwords should be considered a single factor, even moreso for email since your username is often your email address and could be considered public information.
The four types of factors are: something you know, something you have, something you are, somewhere you are.