So MTM did not happen as far as anyone knows but Phishing did and that is the model to rework to. The fact that you are leveraging the the protocol in place should make it easier.

Perhaps the Phishing is not what you are working against?

LOL ... yes, in a sense we are not working against Phishing, but the combined lethargy of the security community, which dogmatically asserts that the old ways were the right ways. It's only with the advent of phishing that the cracks in the old model are starting to be unavoidable. Phishing grew by 5 times in the last 5 months!