by tahdig 2411 days ago
Be careful:

By hosting your main email on a custom domain (not a provider) you open a new attack vector for identity theft.

Someone can hijack your godaddy/namecheap/gandi account and point the MX DNS records of the domain to their own server and receive all your "Forgot your password? Here is the link to reset!" emails.

This is very bad advice unless you actually know what the risks are.

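The check a practitioner would want for the MX-redirect scenario described in the comment above is to keep a known-good baseline of the domain's MX records and diff live answers against it. The script below is an added example written for this thread, not code from any commenter; every domain name in it is a placeholder, the baseline and sample answers are constructed, and the live lookup assumes the `dig` CLI is installed and has network access. It goes slightly beyond the comment in one way: because SMTP delivers to the lowest-numbered MX host, an attacker only needs to add one record with a smaller number, so the preferred host is checked separately from plain set differences.

```python
"""Diff a domain's observed MX records against a known-good baseline.

Added example for this thread, not code from any of the commenters. The
baseline and the sample answers are constructed; every host name below is
a placeholder, and fetch_mx_with_dig needs network access plus the `dig`
CLI, so it is not exercised by the sample run at the bottom.
"""
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class MxRecord:
    priority: int
    host: str  # normalised: lowercase, trailing dot removed


def parse_mx_answer(lines):
    """Parse `dig +short MX <domain>` style output ("10 mail.example.com.")."""
    records = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or dig comment
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            raise ValueError(f"malformed MX line: {raw!r}")
        records.add(MxRecord(int(parts[0]), parts[1].lower().rstrip(".")))
    return records


def is_trusted(host, trusted_suffixes):
    """True if host is one of, or a subdomain of, an allow-listed provider zone."""
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def check_mx(baseline, observed, trusted_suffixes=()):
    """Compare two sets of MxRecord and report what changed.

    SMTP delivers to the MX host with the LOWEST priority number, so an
    attacker does not need to delete the real records: adding one entry
    with a smaller number than the legitimate ones is enough to receive
    every password-reset mail. Hence the preferred host is checked
    separately from the plain set differences.
    """
    base_hosts = {r.host for r in baseline}
    seen_hosts = {r.host for r in observed}
    added = seen_hosts - base_hosts
    removed = base_hosts - seen_hosts
    untrusted = {h for h in added if not is_trusted(h, trusted_suffixes)}
    preferred = min(observed, key=lambda r: r.priority).host if observed else None
    preferred_changed = preferred not in base_hosts
    return {
        "added": added,
        "removed": removed,
        "untrusted": untrusted,
        "preferred": preferred,
        "preferred_changed": preferred_changed,
        # Either an unknown host appeared, or mail now lands somewhere that
        # is neither in the baseline nor a trusted provider (this includes
        # the "all MX records deleted" case, where preferred is None).
        "hijack_suspected": bool(untrusted)
        or (preferred_changed and not (preferred and is_trusted(preferred, trusted_suffixes))),
    }


def fetch_mx_with_dig(domain, resolver="1.1.1.1"):
    """Live lookup via the dig CLI (assumed installed; needs network).

    Querying a fixed public resolver rather than the system default avoids
    being misled by a poisoned or captive local resolver.
    """
    out = subprocess.run(
        ["dig", "+short", "MX", domain, f"@{resolver}"],
        capture_output=True, text=True, check=True,
    )
    return parse_mx_answer(out.stdout.splitlines())


# Constructed baseline: a hypothetical domain hosted on a mail provider.
BASELINE = parse_mx_answer(["1 mx1.mail-provider.example.", "5 mx2.mail-provider.example."])
TRUSTED = ("mail-provider.example",)

# Constructed answer after a registrar account takeover: the legitimate
# records survive, but a lower-numbered entry now points at the attacker.
HIJACKED = ["1 MX1.Mail-Provider.example.", "5 mx2.mail-provider.example.", "0 mx.attacker.example."]

# Constructed benign change: the provider added a third relay.
PROVIDER_CHANGE = ["1 mx1.mail-provider.example.", "5 mx2.mail-provider.example.", "10 mx3.mail-provider.example."]


def run_samples():
    """Evaluate both constructed answers against the baseline."""
    return {
        "hijacked": check_mx(BASELINE, parse_mx_answer(HIJACKED), TRUSTED),
        "benign": check_mx(BASELINE, parse_mx_answer(PROVIDER_CHANGE), TRUSTED),
    }


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, "->", "HIJACK SUSPECTED" if result["hijack_suspected"] else "ok", result)
```

Run it from cron against `fetch_mx_with_dig(your_domain)` and alert on `hijack_suspected`; the trusted-suffix allow-list keeps routine provider-side changes (a new relay, a priority reshuffle) from paging you, while any host outside the provider's zone, or an empty answer, does.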

Is there a good way to protect against this aside from good password hygiene at your domain registrar?

I use namecheap if that is relevant--maybe there's a better/more secure registrar to move to.

But I guess, equivalently, someone can just hijack your email account directly if you use a service like Gmail or Yahoo.

I think namecheap does not have a bad reputation; godaddy is known to be bad though (both security and customer support).

The thing is, of course people can hack your gmail or yahoo mail somehow, but when you host your own domain, you have the same attack vectors + DNS hijacking, and this last addition is easier to exploit with social engineering. Google at least is virtually immune to DNS hijacking.

Just the usual advice, I would think: strong, unique password, and enable 2FA.

It may help if the sender sends you the password-reset email in encrypted format.

How is that any different from someone hijacking your mail account directly? I mean, yes, now there are 2 things to secure, but it doesn't seem like very much added attack surface.