I do not think it is meaningfully possible to fix that system (I say meaningfully, because I'm excepting the pathological senses I mentioned above). If you want it to look and feel like email and be compatible, you can't secure it.
MTA-STS works because it does not require end users to do anything. If you need end users to change their workflow, you could try to do that with e-mail (which fundamentally can't do all the things you need it to, per the post and the PGP post), or you can just make them use a non-broken protocol.
I guess I don’t understand why you would think that the following wouldn’t work:
- use random email addresses
- encrypt the content with something more secure than PGP (on the client)
- receive the email and decrypt it (on the client)
Sure, it’s plaintext, but I don’t see the downside?
How do I securely communicate what the new email address is? How do I hide IP-level metadata? How do I hide time-level metadata? How do I do PFS?
At some point you're going to keep adding lipstick to the pig until eventually you have something morally equivalent to the pathological example I gave.