Note: Email providers, especially those run by anonymous people (as most .onion email providers are), can go offline at any time. This happened a lot in the past and will happen in the future too. So make sure you always back up the emails you want to keep and do not have important accounts tied to these email addresses (e.g. 2FA for a valuable Bitcoin trading account).
In order to use email securely to communicate you have to pay attention to the following points:
Choose an email provider that is well vetted and do a search around Dread to find one. One that allows Tor users and is known for not being very responsive to government requests.
The email provider should be completely usable without having to enable Javascript.
Always use PGP to encrypt the emails you send and make sure that your communication partner does the same too.
Never give away information in the subject field. Although the content of your message is encrypted with PGP you can still give away information with the unencrypted subject field. For example, do not use “about the $4k drug deal we made” as a subject but rather something like “subject”.