I haven't thought this through fully but is it technically possible to identify whether an outgoing email is being sent to a custom domain that is associated with a protonmail account (no additional encryption necessary). If the indicator was a "no" then being given the option to send either (1) an unencrypted email; (2) an encrypted email using the current system (link + password); or (3) an email encrypted by PGP using a stored public key already provided by the potential recipient.