I would like to see a configurable email feature that counts the number of failed password attempts and, at a defined limit, can optionally freeze the account and email both the domain tech contact and the email account owner that there had been a possible hacking attempt. The reason to email both is that if the email account is dormant, owner on holidays etc, the issue can still be caught quickly.
Just recently I had one of my emails hacked by a spammer. They did not interfere with my email, but they did use it to send out a whack of spam. I never noticed until I started getting “undeliverable” messages. I initially ignored them because I have had other email addresses used as the ‘return to’ address. When I got a few more undeliverables I took a close look at the headers and discovered that the sender had authenticated themselves as me. I immediately changed the password and that seemed to halt the use of my email account to send out spam. There has been no repeat.
I don’t know how the spammer managed to hack the email account, but I suspect that he used a brute force attack. That also suggests to me that he probably has a limit to the number of characters he is willing to go in hacking an email account.
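The behaviour requested above, sketched as an added example that is not part of the original post and not any mail server's own code. The class name, the sliding time window, the in-memory `outbox` standing in for real mail delivery, and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class FailedLoginMonitor:  # hypothetical name, not a real product API
    limit: int = 5          # failed attempts that trigger the alert
    window: int = 600       # seconds over which failures count (assumption)
    freeze: bool = True     # freezing is optional, as in the request
    tech_contacts: dict = field(default_factory=dict)  # domain -> tech contact
    frozen: set = field(default_factory=set)
    outbox: list = field(default_factory=list)  # (recipient, subject) pairs
    _fails: dict = field(default_factory=lambda: defaultdict(deque))

    def record(self, ts, account, success):
        """Handle one auth event: 'ok', 'failed', 'alerted' or 'rejected'."""
        if account in self.frozen:
            return "rejected"   # frozen accounts refuse even a correct password
        if success:
            self._fails[account].clear()
            return "ok"
        q = self._fails[account]
        q.append(ts)
        while q and ts - q[0] > self.window:  # forget failures outside the window
            q.popleft()
        if len(q) < self.limit:
            return "failed"
        q.clear()               # one alert per burst, not one per attempt
        if self.freeze:
            self.frozen.add(account)
        subject = f"Possible password-guessing attempt on {account}"
        domain = account.rsplit("@", 1)[-1]
        # Notify both parties so a dormant mailbox does not hide the alert.
        for rcpt in (account, self.tech_contacts.get(domain)):
            if rcpt:
                self.outbox.append((rcpt, subject))
        return "alerted"

def demo():
    # Constructed events: (unix time, account, password accepted?)
    events = [(1000 + 10 * i, "alice@example.com", False) for i in range(5)]
    events.append((1060, "alice@example.com", True))  # right password, too late
    mon = FailedLoginMonitor(tech_contacts={"example.com": "hostmaster@example.com"})
    return [mon.record(*e) for e in events], mon

if __name__ == "__main__":
    results, mon = demo()
    print(results, mon.outbox)
```

With `freeze=False` the same threshold still sends both notifications but leaves the account usable.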