Interesting. It looks like there's a quasi standard for adding OAUTH2 support to POP/IMAP and SMTP. However, this is more or less what I meant by tokenized authentication combined with an OOB push. Presumably the push auth is done when it's initially setup and when the token expires?
Thanks for the reply, Kelsey. I know there are many issues with legacy clients, and blocking them by implementing something like MFA. However, the OAUTH2 integration looks like it would basically close the hole. Having the option to turn this on by account and/or mailbox would be HUGE. Hopefully your mail server has a way to implement and support this!!
On a slightly different but related thought, why do you guys need to run a mail services in house? Maybe migrating customer mailboxes to a 3rd party provider would be easier in the long run? I know in the corporate world very few people run email any more. I'm sure the calculation is a bit different for a provider, but hopefully Sonic has considered that...