
There Are Times and Situations...
I've seen places gambling on STARTTLS when VPN's would have been the correct solution. These are the cases when you need to be absolutely sure that certain email is never traversing the Internet un-encrypted. A VPN would never (cross fingers) allow traversal without en-cryption, and would simply fail to transfer anything if down. But, if your mail configuration gets borked, how long before you figure out that you've been passing sensitive data in the clear. Since encountering the problem some years ago, I've had the same negative feelings about SFTP.