Try these:

1. Use Restricted Software to quit the app every time it's opened. Enter Mail.app as the Process Name to look for, make sure to check the "Kill process" checkbox and enter a description to let the user know why it was shut down. Scope to whichever clients you want.


2. (Optional) Use a Configuration Profile to block the Internet Accounts Preference Pane so they can't try to set up a mail account.

thanks mm2270!

to clarify, if i have these enabled, even if the users has root privilege, could they get around these restrictions?

Well, with root privileges, anything is possible. So yes, if they know what to look for and what they are doing, it's possible they could disable the Restricted Software process, but I don't know what else to tell you about that. When you talk about local admins with root privileges, there will always be ways around things and always people who will seek to circumvent them.
Let's put it this way. With those settings in place, if someone still manages to get around the controls and set up an account in Mail.app, then they were actively working against the restrictions. Its not going to happen "by accident" so you should be able to use that against them if you find offenders afterwards.

again & as always, many thanks for your expertise!

all the best!