Don't touch incoming email. Let somebody else do it. Set up an account with Google for domains (or one of the billions of other providers) and let them worry about security, spam, webmail, uptime, etc. GMail for domains is pretty awesome but it does mean you have to trust Google with quite a lot of your data.
As for sending email, install postfix and sendmail. Set it up as a local-only system, so it's only listening on localhost. This will stop people using you as an open relay and getting your IP marked as spam.
If your host has other clients that are spammers and they don't do anything about it, your whole IP block might get marked as spam. In this case, you can also use external SMTP servers (including GMail) but you usually set this up on a per-application basis.
For example, a Django webapp of mine connects to Gmail for SMTP and this is set up in the Django configuration. This is just so I can guarantee emails send and I get a copy in the Gmail account's Sent Mail box. Another site uses another client's email provider (Message Labs) and that's fine too. Everything else on that server uses sendmail+postfix.
Just to be clear, there's nothing inherently wrong with sending email through postfix. It usually gets there and unless you're doing big business through automated emails, you'll probably be fine sending email directly from your server.
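A check for the local-only setup described in the answer above, as an added example (not code from the original post): it reads `postconf -n` style output and flags any listener or trusted network that is not loopback. The two sample configurations are constructed for illustration; `inet_interfaces` and `mynetworks` are Postfix's own parameter names.

```python
import ipaddress
import re

# Constructed `postconf -n` style samples; not taken from the original answer.
EXPOSED = "inet_interfaces = all\nmynetworks = 127.0.0.0/8 203.0.113.0/24\n"
LOCAL_ONLY = "inet_interfaces = loopback-only\nmynetworks = 127.0.0.0/8 [::1]/128\n"

def parse_postconf(text):
    """Return {name: value} from 'name = value' lines; indented lines continue a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def _is_loopback(token):
    """True if token is a loopback address or network, e.g. 127.0.0.1 or [::1]/128."""
    cleaned = token.replace("[", "").replace("]", "")
    try:
        return ipaddress.ip_network(cleaned, strict=False).is_loopback
    except ValueError:
        return False  # hostnames, $variables and table lookups cannot be verified here

def audit(text):
    """List findings that mean the MTA listens or relays beyond localhost."""
    params = parse_postconf(text)
    findings = []
    # Postfix's built-in default for inet_interfaces is "all", so unset counts as exposed.
    for tok in re.split(r"[,\s]+", params.get("inet_interfaces", "all")):
        if tok and tok not in ("loopback-only", "localhost") and not _is_loopback(tok):
            findings.append(f"inet_interfaces: listens on {tok}")
    for tok in re.split(r"[,\s]+", params.get("mynetworks", "")):
        if tok and not _is_loopback(tok):
            findings.append(f"mynetworks: trusts {tok}")
    return findings

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("local-only", LOCAL_ONLY)):
        print(name, audit(sample) or "OK")
```

An empty result means the configuration only accepts and relays mail from the machine itself; entries the script cannot resolve (hostnames, lookup tables) are reported so they get checked by hand.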
This certainly isn't an ignorant fear. Open postfix and spamd processes taking up too many system resources are the bane of my existence. When I adopt clients and I'm troubleshooting their servers' lack of resources, I try and move as many of them to third party services as possible.
You've covered things pretty well there, apart from the redirection of your domain.com address to force.com. According to the RFCs you should not use a CNAME for the root record of your domain, so what you should really be doing here is creating an A record for domain.com, that points to the IP of your hosting at force.com, and configure that to serve pages for that URL.
Best Answer
Normally you talk with your DNS provider and insert those into their records. If you don't have one then you'd have to edit the files for your DNS daemon, but I strongly suspect that you're not running your own DNS server.