Well, there are several reasons why providers have not drank the oAuth koolaid, for better or for worse. Might be a good excuse for a M3AAWG survey, on why they don't.. but if you trust our impresssions, from all the conversations we have with email providers..
* Don't want the extra work to implement oAuth servers * Afraid of maintaining an oAuth server * General 'its complicated' comments * Suspicious of 3rd party oAuth providers - data tracking, security breaches, et al * Don't want to confuse customers with changes I think that small providers are doing themselves a huge disservice if that's how they think. Microsoft/Gmail is marketing pretty hard 'basic' auth as insecure, with them now even almost fully deprecating it. New apps, new services won't even support basic auth anymore and the market will then be fully dominated by these two players. Outlook's implementation of Gmail's Oauth is very smooth and I don't see why the same can't be done with other providers. Scott
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
