VPN technologies are either too weak, like PPTP, too
expensive or difficult to grasp like IPsec, or too new
like the HTTPS tunnels.
A couple of years ago, I was working at a company that
used Exchange for corporate email. They had a web version
of Outlook that, I believe, was part of Exchange server.
It is almost a no-brainer to put that up on an HTTPS server.
Due to the prevalence of online shopping and banking,
even relatively clueless users understand how to look
for the secure web browsing icon (key or lock). This is
reasonably strong security, cheap to implement and easy
to grasp. It's also been proven for almost 10 years now.
And if you don't like Outlook's web version, there is
always one of the many web email packages like SquirrelMail
http://www.squirrelmail.org/ which can use IMAP or POP
(both supported on Exchange server) and which can be
secured via SSL/HTTPS.
Somebody oughta sell a secure email box that plugs in
between the Exchange server and the network and includes
a secure SMTP server relay, secure POP server, secure
IMAP server and secure web email interface. No doubt
somebody already supplies boxes like this, and ISPs just
have to start reselling them.
I don't recall the source, but it was recently reported
that 40% of the exchange server base is still on the v5.5
platform. Using that as a general indication, many of
these shops probably won't plan to upgrade anytime soon.
According to Google, Exchange 5.5 does both POP and IMAP
so the possibility of secure web mail service is there.
Seems to me that you could sell some service and
educate the users about safe email practices at
the same time.