Have a look at https://forwardemail.net/. It’s a service that handles accepting (and optionally sending) email on your domain, and forwarding any received mail to other backend services, like a gmail account. All you need to do is set some DNS records, like MX and their servers will handle everything. It works fine with domains hosted on cloudflare, and has excellent howto’s to get everything set up and running.
Edit: The great thing about this service, imho, is their guides. They don’t just have a static howto, they template in your information into the exact string you need to copy/paste into the service provider’s web interface. Want to encrypt your plaintext TXT records? There’s a button for that on the guide. Want to learn how to get around a port 25 ISP block, they have a guide for that. Want to set up proper Send-As from Gmail using their SMTP server? There’s a guide for that. :-)
Security and bugfixes, after one or two rounds of testing by early adopters/key users. Preferably through some form of automatic updates.
New features and breaking changes, or anything that requires the end-user to pay attention, I’d say no more than 4 times a year, and using a non-automatic form of update. The hard thing is getting the user’s attention on the changes, and not just clicking next and then having a broken or insecure installation.