A spam filter shouldn't be needed. Typically this is done on your provider's servers. For example, O365 and Google scan Office and gmail accounts (for SPAM and in the case of Google, to direct advertising to you). Any SPAM that would be caught should be caught at that level. Our client would then just sync the scanned resulting folders. Because we don't store any of your content on our servers, if we did do SPAM filtering, it would need to be done locally at each client/system. That would be very inefficient, but an interesting thought.
With respect to best practice, we always tell clients whatever is most comfortable for you is your best practice. If you use a different email client and receive an encrypted email, you can just open the attachment in that email and it will be sent to our client (assuming our client is installed) and it will be decrypted. You would need to originate any encrypted email in our client.
BTW, we like to think our client is good enough to be your go-to email package, but if you see things missing or have other suggestions, please let us know. We will work to make it as great as we can.