The problem with S/MIME is that it is strictly hierarchical. That already hasn't worked well for TLS.

The aim of email encryption is in a large part to prevent government-level parties from reading the emails. It doesn't really make sense to then go back to a system controlled by the very same parties.

OpenPGPs web-of-trust model seems more appropriate.

But both approaches share a significant number of problems, so...

Yeah. They're pretty much free too, from Comodo and Startcom. You can get one for ~$10 from Certum (what I use) and $30 from Globalsign.

It's handy too, as I can sign emails using my iPhone just by importing my p12.