by deelowe 4865 days ago
Yet they apparently have not implemented 2-factor authentication or rate limiting for students' email accounts...

As others have pointed out, there are a few very simple ways to deal with this sort of thing. Rate limiting alone would likely take care of the problem. This is probably a simple config update on the SMTP server.

2 comments

Catering for such a large and varied set of users requires difficult evaluation of risks and benefits to the majority.

The underlying problem in this situation was that Google were so slow to respond to reports of malicious content.

The brief block on Google Docs has served as an excellent way to get attention and highlight a number of things that need consideration.

Google was picked on b/c it was an easy target. I'm sure there are plenty of other phishing sites out there that don't use Google, yet those weren't blocked. This is a seriously boneheaded way to go about things. Unless you are just going for media attention.

They run the mail on Microsoft Exchange I think and I don't think there is an easy way to use 2-factor authentication with Exchange (as opposed to Gmail).

There are numerous solutions for two and multi factor authentication with Exchange. PIV/CAC as one example. There are also other soft solutions for 2FA.