Even just a very thin encryption layer would probably do a decent job. Attackers are typically going at it from an infrastructure perspective: they make a hole, poke around for basic configuration info, locate the database, and siphon it out. They may or may not have enough time and knowledge to reverse-engineer a basic column-specific symmetric scheme.
The only drawback is that such scheme must then be made available to any system that consumes the database, possibly from multiple languages.
Not any system that consumes the database, just any system that needs to send email. Unless you are using the encryption for other fields as well, I suppose.
The only drawback is that such scheme must then be made available to any system that consumes the database, possibly from multiple languages.