Sure, you can do this -- Log in to each mailbox and scan for your competitor's names in the mail contents. You would probably be best off writing a script to do this (you don't tell us what OS or mail software you're using, but there are some good POP3 Perl modules you could use on pretty much any platform. Honestly you want to do this on the server rather than wasting bandwidth though).
Having said that, Why Bother?
Unless you are going to lock your network down to the point of being unusable for anything outside a fixed and limited set of tasks there is really nothing you can do to stop a determined mole from exfiltrating data. You should concentrate instead on analyzing the activity of a specific employee who is suspected, to gather evidence to be used in court.
Long story slightly shorter: Corporate Security is hard.
If you can't trust your users, at least to the point where you only do targeted investigations, all is lost.
(You can pretty much skip reading everything between the next two bars, it's just illustrative hyperbole :)
Let's look at some of the avenues that you would have to address to really secure your environment and make sure you "catch" everything.
First off, you mentioned word-based content filters looking for internal terminology that should never be sent via e-mail. Content filters pretty much universally SUCK, so unless your internal terminology is SO specific that nobody will ever use it in normal conversation you may want to scratch this idea. If you keep it around, see below about encryption and steganography.
So next thing to thing about: what happens if your users log in and delete the messages before you see them your detection system is broken.
To mitigate this you could set up a shadow copy of all the email your company sends, or you could scan your mail server logs to look for suspicious To: domains. (Ideally it's better if you scan the whole email, but that would require a mail-scanning server in the middle of the path somewhere, or the shadow copying I just mentioned).
Of course this all falls down if your users' contacts are smart enough to use gmail, or their home address, or something else you won't associate with your competitors.
You could block those domains of course, but blacklisting never works. You would have to whitelist domains that your users are allowed to send to, and then the one day they have to respond to Big Important Client's CEO who happens to be using his home email account that day and can't the whitelisting idea will be thrown out the window.
How do I know? I've seen it happen.
Next let's consider circumvention (and the possibility that your users are not idiots):
First there's the easy one: Encryption. If they exfiltrate sensitive data as an encrypted .zip file you won't know what's in it. Easy fix though -- ban .zip files!
The same problem exists for encrypted PDFs. Or PDFs that contain images of scanned sensitive documents (or screen captures, or anything else that's not easy to scan algorithmically) though (the latter, steganography, is hiding information in plain sight. Your text-scanning won't know what's in an image after all).
...So to address this completely we're getting to the point of having to ban all attachments -- that's obviously a no-go, your boss would pitch a fit.
Let's assume however that you find a way around all of the above. Is it possible for your users to open a connection to an outside system on an arbitrary port?
Nothing in the world says SMTP has to be run on port 25 -- your users could connect to a stealth mail server outside the company on port 80 and get data out that way.
If you cover that avenue, what if they use {gmail, hotmail, Toby's FreeMail, Their home ISP's webmail} to send the message out via HTTP? Or HTTPS (where you can't scan the request body for stuff that should be confidential)?
Now we're getting to the point now where all external network activity has to be curtailed except for a narrowly defined list of allowed services (sites + ports) -- How badly will that cripple your business?
But OK, say the boss is really worried about security and tells you to lock it down. We've now reduced your network to the point where all you can do is browse the company's intranet. GREAT! The users are miserable, but the data is safe, right? We won!
NOPE! We've just looked at email (and a little bit of HTTP). Say, is that a USB drive there on your keychain?
