Send the address and delete it after you’ve verified that the recipient is in your simplex contacts. You can verify via security code. You’ll know when they use the link. Delete the address afterwards.

You can encrypt your message using something like gpg or age

Maybe ask them to establish private (end to end encrypted - E2EE) communication channel by using PGP or ask them to use the service like proton.me which has E2EE mail. If they know some answer to your question, you can send them link to an password protected paste at https://bin.disroot.org

QR code in the mail along with a digital verification

You don’t have to encrypt the message, simply observing it won’t compromise security. You only need to ensure that the channel is 1) authenticated (that is, you know who you send to) 2) cannot MITM you (that is, replace the link). MITM can be mitigated with security code verification via yet another channel, but SimpleX relays cannot MITM key exchange (unlike any centralised service).

Without face-to-face communication, you cannot guarantee you haven’t been man in the middle MITM.

One of the benefits of public key cryptography, is everybody can publish their public key, and then you can have a reasonable assurance that you’re talking to the appropriate person, cuz you can see the key, they can see the key, so in theory you have verified the key.

With simple x, if one of you publishes a known non-incognito, static receive address. IE on your public website, or in your letterhead, or something, then the other side knows they’re talking directly to you. You don’t know you’re talking directly to them. Or at least to the published address

If you want to talk to somebody, in a deniable way, then you probably should not be sending them direct mail. Meet them in person, exchange addresses that way, use briar, something.