diff --git a/irc/handlers.go b/irc/handlers.go
index 820add90..4d426051 100644
--- a/irc/handlers.go
+++ b/irc/handlers.go
@@ -265,8 +265,7 @@ func authPlainHandler(server *Server, client *Client, session *Session, value []
 	password := string(splitValue[2])
 	err := server.accounts.AuthenticateByPassphrase(client, authcid, password)
 	if err != nil {
-		msg := authErrorToMessage(server, err)
-		rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
+		sendAuthErrorResponse(client, rb, err)
 		return false
 	} else if !fixupNickEqualsAccount(client, rb, server.Config(), "") {
 		return false
@@ -276,6 +275,14 @@ func authPlainHandler(server *Server, client *Client, session *Session, value []
 	return false
 }
 
+func sendAuthErrorResponse(client *Client, rb *ResponseBuffer, err error) {
+	msg := authErrorToMessage(client.server, err)
+	rb.Add(nil, client.server.name, ERR_SASLFAIL, client.nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
+	if err == errAccountUnverified {
+		rb.Add(nil, client.server.name, "FAIL", "AUTHENTICATE", "VERIFICATION_REQUIRED", "*", client.t(err.Error()))
+	}
+}
+
 func authErrorToMessage(server *Server, err error) (msg string) {
 	if throttled, ok := err.(*ThrottleError); ok {
 		return throttled.Error()
@@ -325,8 +332,7 @@ func authExternalHandler(server *Server, client *Client, session *Session, value
 	}
 
 	if err != nil {
-		msg := authErrorToMessage(server, err)
-		rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
+		sendAuthErrorResponse(client, rb, err)
 		return false
 	} else if !fixupNickEqualsAccount(client, rb, server.Config(), "") {
 		return false