Kostya,
Please forgive me for infringing in the area of your expertise. It is most likely that you have thought about this, but I would through in a thought just in case.
I've seen that in the recent half a year, "incidents" similar to the recent shaw.ca problem have happened with a several different providers. This suggests that it is a recurring type of situations.
In this recent development build (1.5.7-32-dev2.3.2) you've introduced a workaround for one provider, but it will happen again with another provider some time soon. Also, at some point this provider might have it fixed.
So, here is the thought:
Would it be possible/resonable to build a generic workaround with roughly the following scenario:
Aquamail tries the first authentication method. If an error occurs, (or some particular type of error, if it can be differentiated), Aquamail tries to reconnect and use the next type of authentication method. (Just making sure it is not an infinite loop if none work for some reason.)
Am I missing something fundamental in this scenario? Does it break something?
Or is it just difficult (or resource-expensive) to implement correctly?