[Avamander]

> Of course these days the mega-corp walled garden email providers don't really follow standards like IMAP.

Not really true. It's usually the client implementations that violate the standard in some way or another, like Outlook. But there are way more bespoke rare clients that have poor implementations.

> They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it.

Well, no. They have implemented OAuth and that's not proprietary. They do it because plain login has massive downsides.