And which email clients can do this?
A defacto standard needs to be adopted. If I don't provide SPF or DKIM, I am likely to be deemed spammy, hence a defacto standard has been established. I don't see this with TOTP.
I'm all for TOTP, but I'm not going to code my own.
Original Message From: sebastian@sebbe.eu Sent: October 27, 2020 5:56 PM To: dovecot@dovecot.org Reply-to: dovecot@dovecot.org Subject: SV: SV: Looking for a guide to collect all e-mail from the ISP mail server
Whatever Gmail wants is essentially a defacto standard.
Gmail have solved it with a Oauth authorization scheme. Basically, first time setting up mail, you are asked to authenticate by 2FA in a webview, then a shared secret is established, that is used during SMTP and IMAP time. Both Hotmail and Gmail is using this hackish webview solution for Outlook integration (and integration in some other email clients).
Thats why Google and Microsoft have their own buttons inside Outlook and some other mail clients.