Thank you for this - yes, I understand that this is a tall order, but I also can't help but think that most of these requirements are fairly common individually?

As for address stability, it would be good to have a point of contact that's easy to put on a website or flyers or whatever.

Thinking aloud here, I guess one option could be to have a signal account and a setup similar to what is described under the 'Start Your Own Announcements-Only Service on Signal' heading here: https://crimethinc.com/2024/05/27/the-sunbird-how-to-start-an-announcements-only-thread-on-signal-and-how-organizers-in-austin-used-one-to-coordinate-solidarity-with-palestine to be able to check the incoming messages from multiple devices. I guess some level of tech-savviness would be needed for the setup of multiple Signal accounts on a single machine if people are using their own hardware, but otoh it also means minimal setup for people contacting the organization. If more than five (max number of linked signal devices) people are responding to messages, group chats with the incoming user, the org account and the account of the person responding could be setup for searchability etc. This solves some problems but creates others...

The issue you're describing is why I'm not keen on email, and why I mention Signal as an alternative I've considered - Signal is a user-friendly way of ensuring both encryption and that meta-data isn't accessible to providers on either end unless someone's device is compromised.

The reason I'm interested in encryption is that I want a higher baseline of security for these orgs. In a changing political landscape it is hard to say what may become sensitive over time. Hypothetically, if one of these orgs is distributing contraceptives internationally we want neither meta-data about who is contacting them nor message contents to be accessible to providers. Since encryption is a pain with email we can assume both are accessible to providers when using that. Ideally I want encryption to be an easy default for both the orgs and the people contacting them.

Any thoughts on how to handle the encryption aspect here? :)

Right, forwarders solves the password issue, but the encryption issues remains. Any thoughts on how to handle that? PGP in my experience is non-trivial to set up correctly, and even when correctly setup does not protect metadata.

The purpose of the email addresses tends to be something like contact@example.com - it's the central place outsiders contact the org. A common way to work with it would be that emails are checked during the orgs weekly/monthly meeting, incoming emails are discussed, and someone is tasked with writing a reply with the group's response to the email. I haven't seen mailing lists being used for this type of thing, but I guess that could be a solution for the password sharing, but at the cost of having individual email addresses in-house - some type of individual accounts would probably be necessary either way to get away from the whole shared passwords situations...

The appeal of Signal is that it's managed and has some level of security by default. My impression of securely configuring email, in particular on someone else's hardware, is that it is very technically challenging, but it's also not something I've ever attempted. Would you say my impression is correct?

I'm slowly also realizing that this is probably also a key requirement for a lot of these orgs: they do not have dedicated IT people or a lot of cash. A lot of the time there's someone with some IT interest, but rarely with time or interest in long term admin-ing.