Email Auth Options

FAOS can send emails using the Customer’s email provider. Authentication method depends on what the provider supports. In general, OAuth is preferred when available. App Passwords are a commonly accepted alternative when OAuth is not supported.

OAuth (Recommended)

• Provider-managed authorization (token-based)
• Typically easier to revoke access without changing the mailbox password
• Often aligns with modern provider security requirements

App Password

• Provider-issued credential specifically for third-party applications
• Used when the provider does not support OAuth for SMTP sending
• Can be rotated or revoked from the email provider account settings

Security Guidance

Regardless of the method chosen, customers should protect email credentials and rotate/revoke access when staff changes occur or if compromise is suspected.

Scope

This page provides general guidance on email authentication options. FAOS does not provide provider-specific security consulting or guarantee deliverability outcomes.

Related references: Email System · App Passwords · Email Settings