Recommendation for determining a specification (Score 1)

A significant set of comments here approach this problem from the server and sysadmin side. None of them approach the problem from the user interface or usability side. How can your implementation be successfull if your users (up to 1 million) are unhappy with the way they are required to use it, or it's unusable to them (very common for those not technically inclined as you are almost certainly to have with that many email accounts)

First you need to determine how the users will access their email, and how they are going to use it. Will this be webmail, client app, PDA, etc.

Then you need to determine what the user requirements are:

• Calendaring support (this will be nasty if application integration is required)
• Shared contacts
• Webmail (and what browsers will be used)
• SSL/TLS
• SMTP Authentication
• Roaming users (anyone not on the intranet)
• IMAP, IMAPS
• POP3, POP3S

Also what applications they will be using to connect to this system such as: emacs, pine, mutt, thunderbird, outlook express, MS outlook, opera, evolution, mail.app, etc.
If possible try to enforce a policy restricting the use of email clients to a small subset, but do however remember that there may be users on Mac's, **nix PC's, Windows PCs, and potential others. (NB: Avoid allowing Outlook Express if you wish to use IMAP)

Determine your security requirements for the mail system. Is everyone required to connect using SSL encrypted links?

Determine your minimum service levels required (99.9% uptime or higher, do note that every 9 beyond the first 3 can be expected to double the cost of the solution)

Determine support levels for hardware with respect to warranty, part availability, technician availability etc.

Determine backup requirements, are you required to be able to restore individual emails, individual mailboxes, all mailboxes, and how many levels of backups are required? Do you need to be able to restore emails deleted 4 months ago

Quota requirements, are there limits on the size of a persons mailbox, can this be customized, are there limits on the size of an email a user can send, and the same for receiving. Will you allow a user to store 2+GB of email on your system?

Determine other legal requirements, such as a requirement to be able to retrieve any email sent through the system for auditing/legal purposes

Determine effectiveness of antivirus filtering and how many levels of antivirus filtering will you require to ensure robustness and the correct level of user protection?

Determine level of spam filtering required (generic, user specifiable, with headers, without headers,

Do you require mailinglist or distribution list requirements (mailman?)

How many physical sites will be accessing this mail system (one office? multiple branches)

Will you be requiring a support ticketing system? (example: RT from http://www.bestpractical.com/)

Will users be able to customize their mail settings (enable/disable bayesian spam filtering, custom antispam rules, setting of spam thresholds, autoresponder messages, out of office replies, disable/enable spam filtering, disable/enable antivirus filtering)

What level of redundancy are you required to have? Do you need to provide redundant systems even if one datacentre is disconnected (somehow)
ie. main datacentre you use in the UK is disconnected for some reason outside your control, do your roaming users in the UK still need to be able to access their email without any loss through an alternative backup mail system in the US?

Can your users be split up into multiple sub-domains? ie. production, hr, finance, lists, support, technical, development, etc. And will they notice or can you hide it from the user with a simple server-side rewrite.

How are you going to measure the performance of the system once in place. wrt disk space, amount of connections, uptime, service availability, etc.

How are you going to notify failures

Are you going to implement it yourself or approach an ASP or outsource the project.

If you're going to do it yourself, how are you going to measure bandwidth requirements, storage requirements, what switching and routing gear are you going to use.

what deployment level are you going to need

is the solution going to need to be modular, expandable, growable?

how many users are you expected to have in 2 years? 5 years? how much data will they store? will they need any of the above functionality?

how are users connecting to your mail system? dialup? broadband? other?

Once you have looked at all these requirements, (and any I may have missed or am unaware of any specific to your situation), design a specification.
Then from the specification, get some peer reviews with all your questions and answers provided. If you don't wish to implement a solution yourself, create an RFP and send this out to some vendors. If you want to implement it yourself, you must get a peer review or you're setting yourself up for a potentially big disaster.