You can get certs starting out at $20 a year and 256 bit encryption. I think those ones won’t give you trouble but I am not 100% sure. At that price you could easily add that into the service charge for email so it doesn’t come out of your bottom line.

The other thing is you could do a self signed cert. The downside is that the client would have to install the cert everytime they were on a new computer, such as internet cafe or public kiosk. But it is free and you can generate keys for each domain.

If they are running a Windows AD environment you can set up a certificate authority in the domain and issue their own domain certs applied through GPOs. Then you can issue one cert from their AD domain and use it for their mail domain. This would get rid of the need for their corporate workstations to manually install the cert since it would be applied to the domain, but public machines would will need to install the cert when they needed to use it.

In Windows go to Start > Programs > Administrative Tools > Public Key Management. Then select Certificates > Trusted Root Certification Authority > Certificates to see what certs are automagically trusted by Windows, then you can search for a cheap one.