The bootstrap question is addressed by requiring the end-user to know their
e-mail address and password. Based on the domain name, the implementation
would reach out to https://something.domain-name.tld and download the
relevant "schema" and data for IMAP, SMTP, POP3, etc, in ordered priority.
Based on what the e-mail client could support, the desired settings would be
displayed, and upon end-user approval, applied.
End-user approval? That means support calls, ISPs wouldn't like that.
I can believe something like this could be made to work, but I would think
hard about all the way that web sessions can get screwed up or hijacked
before I persuaded myself that a scheme was likely to work where it needed
to work (e.g., when connecting to a hotspot that hijacks all web sessions
until you log in) while not being subject to hostile spoofing.
Followups definitely to IETF-something.
R's,
John
