So how do I send an email securely without PGP? I've never been aware of any real alternative. The problem is just that people don't care enough to use it.
You don’t. But you don’t with PGP either: bad crypto primitive defaults, no header protection including From or Subject or Reply-to, bad typical UI showing up authenticated text/plain in with authenticated parts.
The case where I still use PGP is receiving reports of bugs from unaffiliated researchers, and I should replace it with a form on an HTTPS web site.
>no header protection including From or Subject or Reply-to
This is email, not IM we are talking about. There is no good way to do that without a lot of added complexity and hassle once the email ends up in your archive.
>bad crypto primitive defaults
If you mean forward secrecy then see the proceeding comment.
I'm missing the email header issues, unless I'm trusting PGP public keys without any thought. If someone forges an email to me, has a PGP encrypted message in it, it doesn't validly decrypt unless my crypto discipline is already so lax I'm going to have issues with any system.
The case where I still use PGP is receiving reports of bugs from unaffiliated researchers, and I should replace it with a form on an HTTPS web site.