What is IMAP email migration?

IMAP email migration is the process of transferring emails from one IMAP email server to another. This includes copying all messages, folders, and folder structures between email providers like Gmail, Outlook, Yahoo, and any server that supports the IMAP protocol. Mailbox Taxi automates this entire process with a simple desktop interface.

How do I migrate emails between IMAP servers?

With Mailbox Taxi, you simply select your source and destination email providers, enter your credentials, test the connection, and click Start. The tool handles all the complexity of IMAP synchronization, folder mapping, and message transfer. You can migrate between any combination of supported providers or custom IMAP servers.

Is my email data safe during migration?

Absolutely. Mailbox Taxi runs 100% on your local desktop — your email credentials and messages never pass through any third-party cloud servers. The connection between your machine and the email servers uses the same TLS encryption as your regular email client.

How long does an IMAP migration take?

Migration speed depends on the number of emails, their size (attachments), and your internet speed. A typical mailbox with 10,000 emails takes roughly 15–30 minutes. Mailbox Taxi's parallel processing feature lets you migrate multiple mailboxes simultaneously, significantly reducing total time for batch migrations.

Can I migrate from Gmail to Outlook (or vice versa)?

Yes! Mailbox Taxi supports migration between any combination of its 10+ supported providers. Gmail to Outlook, Outlook to Yahoo, iCloud to Gmail — any direction works. You can also migrate to and from custom IMAP servers.

Will my original emails be deleted after migration?

No. Mailbox Taxi copies emails from the source to the destination. Your original emails remain untouched on the source server. Think of it as a copy operation, not a move.

Do I need technical knowledge to use Mailbox Taxi?

Not at all. Mailbox Taxi is designed for everyone — from IT professionals managing enterprise migrations to individuals switching personal email providers. The interface guides you through each step, and pre-configured provider settings mean you don't need to know IMAP server addresses or port numbers.

Which email providers does Mailbox Taxi support?

Mailbox Taxi supports Gmail, Outlook/Office 365, Yahoo Mail, iCloud Mail, Zoho Mail, AOL Mail, ProtonMail (via ProtonMail Bridge), Fastmail, GMX, Yandex Mail, and any custom IMAP server. If your provider supports IMAP, Mailbox Taxi can handle it.

Can I migrate multiple email accounts at once?

Yes. Mailbox Taxi supports batch migrations via CSV import. Prepare a CSV file with your account details, import it, and run all migrations in parallel. This is ideal for IT teams handling company-wide email migrations or MSPs managing multiple clients.

What happens if the migration fails or my internet drops?

Mailbox Taxi has built-in crash recovery and pause/resume functionality. If your connection drops or the app crashes, simply restart and resume — it picks up exactly where it left off without re-downloading emails or creating duplicates.

Does Mailbox Taxi work with custom IMAP servers?

Yes. Beyond the 10+ pre-configured providers, you can connect to any IMAP server by entering the hostname, port, and security settings manually. This works for self-hosted servers, corporate email systems, and niche providers.

How much does Mailbox Taxi cost?

Mailbox Taxi will be a one-time purchase with no per-mailbox fees, no monthly subscriptions, and unlimited migrations included. Join the waitlist to be notified when pricing is announced and to lock in early access benefits.

Does Mailbox Taxi work with ProtonMail?

Yes, through ProtonMail Bridge. ProtonMail Bridge is a free desktop app from ProtonMail that provides local IMAP access to your ProtonMail account. Once Bridge is running, Mailbox Taxi connects to it like any other IMAP server.

Will my folder structure be preserved during migration?

Yes. Mailbox Taxi preserves your complete folder hierarchy when migrating between servers. Your inbox, sent, drafts, and custom folders are all replicated on the destination server exactly as they appear on the source.

What operating systems does Mailbox Taxi support?

Mailbox Taxi is a desktop application available for Windows, macOS, and Linux. It runs natively on all three platforms with the same features and performance.

What is OAuth 2.0 in one sentence?

OAuth 2.0 is a standard that lets an application access a user's account without ever seeing their password — the user signs in at the provider, and the provider hands back a short-lived token the app uses instead.

Why did Google and Microsoft kill basic auth?

Basic auth sends username and password on every request, which is trivial to phish and trivial to replay. OAuth tokens are scoped, short-lived, revocable, and tied to a specific app, which dramatically shrinks the blast radius of a compromise.

What is a refresh token?

When you grant OAuth access, the provider hands the app two tokens: an access token (good for an hour or so) and a refresh token (good for weeks or months). The app uses the refresh token to silently get new access tokens without prompting you again.

Do I need OAuth for an IMAP migration?

For Gmail and Microsoft 365, yes — basic auth over IMAP has been disabled or is on the way out. Most modern migration tools handle the OAuth dance for you so you click through a consent screen rather than typing a password.

Is OAuth safer than an app password?

Usually yes. OAuth grants can be revoked from a single screen, are scoped to specific permissions, and do not require you to copy a secret value into the tool. App passwords are still useful for providers that do not support OAuth.

Glossary

What Is OAuth 2.0 (for Email)? A Plain-English Guide

What OAuth 2.0 email auth is, how authorization code and client credentials grants work, and why modern auth replaced basic auth at Google and Microsoft.

Alex Kerr

Lead Migration Engineer, Mailbox Taxi

Updated May 21, 2026

· 5 min read

Code on screen representing OAuth token exchange

OAuth 2.0 is the authorization framework that has replaced username-and-password authentication for almost every major email provider. If you are connecting a migration tool, a desktop client, or a backup service to a Gmail or Microsoft 365 mailbox in 2026, you are using OAuth whether you realise it or not. This entry covers what OAuth is, the two grant types that matter for email, and the role the protocol plays when you move mailboxes between providers.

Skip the manual setup — let Mailbox Taxi handle it

One desktop app, every IMAP provider, zero data leaving your machine.

The short definition

OAuth 2.0 is defined in RFC 6749. It is a framework that lets a user authorize a third-party application to access a resource — in our case, a mailbox — without giving the application the user's password. Instead, the user signs in at the resource provider (Google, Microsoft), sees a consent screen listing the permissions the app is requesting, and clicks Allow. The provider hands the app two tokens, and the app uses those tokens on every subsequent request.

That single property — the app never sees the password — is the reason OAuth exists.

Authorization code grant (the one users see)

The authorization code grant is the flow you have already been through a hundred times: click "Sign in with Google", get redirected to Google, log in, click Allow, get bounced back to the app. Behind the scenes:

The app sends you to Google with a request that includes its client ID and the scopes it wants.
You sign in and approve.
Google redirects you back to the app with a short-lived authorization code.
The app exchanges that code (plus a client secret) for an access token and a refresh token.
The app uses the access token on every IMAP, SMTP, or Graph call. When it expires, the refresh token gets a new one.

This is the grant a migration tool uses when you connect your mailbox to it.

Client credentials grant (the one admins set up)

The client credentials grant skips the user entirely. The app authenticates directly with its own client ID and a certificate or secret, and the provider grants it access to mailboxes the tenant admin has pre-authorized. This is how server-to-server migration tools move thousands of mailboxes in a Microsoft 365 tenant without each user clicking through a consent screen.

For client credentials to work, an admin has to grant tenant-wide consent to the app once. After that, the app can access any mailbox in scope.

Why "modern auth" replaced basic auth

Google removed support for password-based IMAP and SMTP for most account types in 2022. Microsoft retired basic auth for Exchange Online in late 2022 (for connectors a little later). The shift was driven by four problems with basic auth:

Passwords travel on every single request.
A compromised password gives full mailbox access until rotation.
There is no scope — the credential is all-or-nothing.
Multi-factor authentication does not work with IMAP basic auth, so it gets bypassed entirely.

OAuth fixes all four. Tokens are scoped, short-lived, revocable from a single admin screen, and the actual sign-in happens through a browser flow where MFA is enforced.

Modern auth and OAuth 2.0 are the same thing

Microsoft documentation uses the phrase "modern authentication" almost interchangeably with OAuth 2.0. If a tool says it requires modern auth, it is asking for an OAuth 2.0 connection. If you hit a modern auth required error, see the fix for modern auth required.

OAuth in migration tools

When you connect a source or destination mailbox to a migration tool, the tool is the OAuth client. You are granting it permission to read (and usually write) the mailbox. The consent screen will list scopes like https://mail.google.com/ for Gmail or IMAP.AccessAsUser.All for Microsoft 365.

A few practical points:

The refresh token is the long-lived secret. If a token gets stuck or stops working mid-migration, see fix OAuth token expired.
You can revoke an OAuth grant at any time from the provider's security page. The migration stops immediately.
For providers that do not support OAuth (older hosts, ProtonMail Bridge, some cPanel setups), you fall back to an app password or a direct IMAP login.

How OAuth fits the bigger picture

OAuth is one part of the migration auth story. You will still see usernames and passwords for legacy boxes, app passwords for Yahoo and Apple, and certificate-based service-principal auth for large Office 365 migrations and Google Workspace migrations. The pattern across all of them is the same: get a credential the receiving provider will accept, then move messages over IMAP or Graph.

Try Mailbox Taxi

Migrate your mailbox the easy way

Join the waitlist for early access and lock in launch pricing.

What Is OAuth 2.0 (for Email)? A Plain-English Guide

Skip the manual setup — let Mailbox Taxi handle it

The short definition

Authorization code grant (the one users see)

Client credentials grant (the one admins set up)

Why "modern auth" replaced basic auth

OAuth in migration tools

How OAuth fits the bigger picture

Migrate your mailbox the easy way

Related reading

What Is an App Password? A Plain-English Guide

What Is IMAP? A Plain-English Definition

Fix OAuth Token Expired During Migration

Fixing "Modern Authentication Required" Errors in Migrations

Office 365 Migration: The Definitive Playbook

Google Workspace Migration: A Complete Guide

Migrate your mailbox the easy way

Skip the manual setup — let Mailbox Taxi handle it

The short definition#

Authorization code grant (the one users see)#

Client credentials grant (the one admins set up)#

Why "modern auth" replaced basic auth#

OAuth in migration tools#

How OAuth fits the bigger picture#

Migrate your mailbox the easy way

Related reading

What Is an App Password? A Plain-English Guide

What Is IMAP? A Plain-English Definition

Fix OAuth Token Expired During Migration

Fixing "Modern Authentication Required" Errors in Migrations

Office 365 Migration: The Definitive Playbook

Google Workspace Migration: A Complete Guide

Migrate your mailbox the easy way

The short definition

Authorization code grant (the one users see)

Client credentials grant (the one admins set up)

Why "modern auth" replaced basic auth

OAuth in migration tools

How OAuth fits the bigger picture