VPN technologies are either too weak, like PPTP, too expensive or difficult to grasp like IPsec, or too new like the HTTPS tunnels.
A couple of years ago, I was working at a company that used Exchange for corporate email. They had a web version of Outlook that, I believe, was part of Exchange server. It is almost a no-brainer to put that up on an HTTPS server. Due to the prevalence of online shopping and banking, even relatively clueless users understand how to look for the secure web browsing icon (key or lock). This is reasonably strong security, cheap to implement and easy to grasp. It's also been proven for almost 10 years now. And if you don't like Outlook's web version, there is always one of the many web email packages like SquirrelMail http://www.squirrelmail.org/ which can use IMAP or POP (both supported on Exchange server) and which can be secured via SSL/HTTPS. Somebody oughta sell a secure email box that plugs in between the Exchange server and the network and includes a secure SMTP server relay, secure POP server, secure IMAP server and secure web email interface. No doubt somebody already supplies boxes like this, and ISPs just have to start reselling them.
I don't recall the source, but it was recently reported that 40% of the exchange server base is still on the v5.5 platform. Using that as a general indication, many of these shops probably won't plan to upgrade anytime soon.
According to Google, Exchange 5.5 does both POP and IMAP so the possibility of secure web mail service is there. Seems to me that you could sell some service and educate the users about safe email practices at the same time. --Michael Dillon