rfc2683.IMAP4_Implementation_recommendations.txt 55 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291
  1. Network Working Group B. Leiba
  2. Request for Comments: 2683 IBM T.J. Watson Research Center
  3. Category: Informational September 1999
  4. IMAP4 Implementation Recommendations
  5. Status of this Memo
  6. This memo provides information for the Internet community. It does
  7. not specify an Internet standard of any kind. Distribution of this
  8. memo is unlimited.
  9. Copyright Notice
  10. Copyright (C) The Internet Society (1999). All Rights Reserved.
  11. 1. Abstract
  12. The IMAP4 specification [RFC-2060] describes a rich protocol for use
  13. in building clients and servers for storage, retrieval, and
  14. manipulation of electronic mail. Because the protocol is so rich and
  15. has so many implementation choices, there are often trade-offs that
  16. must be made and issues that must be considered when designing such
  17. clients and servers. This document attempts to outline these issues
  18. and to make recommendations in order to make the end products as
  19. interoperable as possible.
  20. 2. Conventions used in this document
  21. In examples, "C:" indicates lines sent by a client that is connected
  22. to a server. "S:" indicates lines sent by the server to the client.
  23. The words "must", "must not", "should", "should not", and "may" are
  24. used with specific meaning in this document; since their meaning is
  25. somewhat different from that specified in RFC 2119, we do not put
  26. them in all caps here. Their meaning is as follows:
  27. must -- This word means that the action described is necessary
  28. to ensure interoperability. The recommendation should
  29. not be ignored.
  30. must not -- This phrase means that the action described will be
  31. almost certain to hurt interoperability. The
  32. recommendation should not be ignored.
  33. Leiba Informational [Page 1]
  34. RFC 2683 IMAP4 Implementation Recommendations September 1999
  35. should -- This word means that the action described is strongly
  36. recommended and will enhance interoperability or
  37. usability. The recommendation should not be ignored
  38. without careful consideration.
  39. should not -- This phrase means that the action described is strongly
  40. recommended against, and might hurt interoperability or
  41. usability. The recommendation should not be ignored
  42. without careful consideration.
  43. may -- This word means that the action described is an
  44. acceptable implementation choice. No specific
  45. recommendation is implied; this word is used to point
  46. out a choice that might not be obvious, or to let
  47. implementors know what choices have been made by
  48. existing implementations.
  49. 3. Interoperability Issues and Recommendations
  50. 3.1. Accessibility
  51. This section describes the issues related to access to servers and
  52. server resources. Concerns here include data sharing and maintenance
  53. of client/server connections.
  54. 3.1.1. Multiple Accesses of the Same Mailbox
  55. One strong point of IMAP4 is that, unlike POP3, it allows for
  56. multiple simultaneous access to a single mailbox. A user can, thus,
  57. read mail from a client at home while the client in the office is
  58. still connected; or the help desk staff can all work out of the same
  59. inbox, all seeing the same pool of questions. An important point
  60. about this capability, though is that NO SERVER IS GUARANTEED TO
  61. SUPPORT THIS. If you are selecting an IMAP server and this facility
  62. is important to you, be sure that the server you choose to install,
  63. in the configuration you choose to use, supports it.
  64. If you are designing a client, you must not assume that you can
  65. access the same mailbox more than once at a time. That means
  66. 1. you must handle gracefully the failure of a SELECT command if the
  67. server refuses the second SELECT,
  68. 2. you must handle reasonably the severing of your connection (see
  69. "Severed Connections", below) if the server chooses to allow the
  70. second SELECT by forcing the first off,
  71. 3. you must avoid making multiple connections to the same mailbox in
  72. your own client (for load balancing or other such reasons), and
  73. 4. you must avoid using the STATUS command on a mailbox that you have
  74. selected (with some server implementations the STATUS command has
  75. the same problems with multiple access as do the SELECT and
  76. Leiba Informational [Page 2]
  77. RFC 2683 IMAP4 Implementation Recommendations September 1999
  78. EXAMINE commands).
  79. A further note about STATUS: The STATUS command is sometimes used to
  80. check a non-selected mailbox for new mail. This mechanism must not
  81. be used to check for new mail in the selected mailbox; section 5.2 of
  82. [RFC-2060] specifically forbids this in its last paragraph. Further,
  83. since STATUS takes a mailbox name it is an independent operation, not
  84. operating on the selected mailbox. Because of this, the information
  85. it returns is not necessarily in synchronization with the selected
  86. mailbox state.
  87. 3.1.2. Severed Connections
  88. The client/server connection may be severed for one of three reasons:
  89. the client severs the connection, the server severs the connection,
  90. or the connection is severed by outside forces beyond the control of
  91. the client and the server (a telephone line drops, for example).
  92. Clients and servers must both deal with these situations.
  93. When the client wants to sever a connection, it's usually because it
  94. has finished the work it needed to do on that connection. The client
  95. should send a LOGOUT command, wait for the tagged response, and then
  96. close the socket. But note that, while this is what's intended in
  97. the protocol design, there isn't universal agreement here. Some
  98. contend that sending the LOGOUT and waiting for the two responses
  99. (untagged BYE and tagged OK) is wasteful and unnecessary, and that
  100. the client can simply close the socket. The server should interpret
  101. the closed socket as a log out by the client. The counterargument is
  102. that it's useful from the standpoint of cleanup, problem
  103. determination, and the like, to have an explicit client log out,
  104. because otherwise there is no way for the server to tell the
  105. difference between "closed socket because of log out" and "closed
  106. socket because communication was disrupted". If there is a
  107. client/server interaction problem, a client which routinely
  108. terminates a session by breaking the connection without a LOGOUT will
  109. make it much more difficult to determine the problem.
  110. Because of this disagreement, server designers must be aware that
  111. some clients might close the socket without sending a LOGOUT. In any
  112. case, whether or not a LOGOUT was sent, the server should not
  113. implicitly expunge any messages from the selected mailbox. If a
  114. client wants the server to do so, it must send a CLOSE or EXPUNGE
  115. command explicitly.
  116. When the server wants to sever a connection it's usually due to an
  117. inactivity timeout or is because a situation has arisen that has
  118. changed the state of the mail store in a way that the server can not
  119. communicate to the client. The server should send an untagged BYE
  120. Leiba Informational [Page 3]
  121. RFC 2683 IMAP4 Implementation Recommendations September 1999
  122. response to the client and then close the socket. Sending an
  123. untagged BYE response before severing allows the server to send a
  124. human-readable explanation of the problem to the client, which the
  125. client may then log, display to the user, or both (see section 7.1.5
  126. of [RFC-2060]).
  127. Regarding inactivity timeouts, there is some controversy. Unlike
  128. POP, for which the design is for a client to connect, retrieve mail,
  129. and log out, IMAP's design encourages long-lived (and mostly
  130. inactive) client/server sessions. As the number of users grows, this
  131. can use up a lot of server resources, especially with clients that
  132. are designed to maintain sessions for mailboxes that the user has
  133. finished accessing. To alleviate this, a server may implement an
  134. inactivity timeout, unilaterally closing a session (after first
  135. sending an untagged BYE, as noted above). Some server operators have
  136. reported dramatic improvements in server performance after doing
  137. this. As specified in [RFC-2060], if such a timeout is done it must
  138. not be until at least 30 minutes of inactivity. The reason for this
  139. specification is to prevent clients from sending commands (such as
  140. NOOP) to the server at frequent intervals simply to avert a too-early
  141. timeout. If the client knows that the server may not time out the
  142. session for at least 30 minutes, then the client need not poll at
  143. intervals more frequent than, say, 25 minutes.
  144. 3.2. Scaling
  145. IMAP4 has many features that allow for scalability, as mail stores
  146. become larger and more numerous. Large numbers of users, mailboxes,
  147. and messages, and very large messages require thought to handle
  148. efficiently. This document will not address the administrative
  149. issues involved in large numbers of users, but we will look at the
  150. other items.
  151. 3.2.1. Flood Control
  152. There are three situations when a client can make a request that will
  153. result in a very large response - too large for the client reasonably
  154. to deal with: there are a great many mailboxes available, there are a
  155. great many messages in the selected mailbox, or there is a very large
  156. message part. The danger here is that the end user will be stuck
  157. waiting while the server sends (and the client processes) an enormous
  158. response. In all of these cases there are things a client can do to
  159. reduce that danger.
  160. There is also the case where a client can flood a server, by sending
  161. an arbitratily long command. We'll discuss that issue, too, in this
  162. section.
  163. Leiba Informational [Page 4]
  164. RFC 2683 IMAP4 Implementation Recommendations September 1999
  165. 3.2.1.1. Listing Mailboxes
  166. Some servers present Usenet newsgroups to IMAP users. Newsgroups,
  167. and other such hierarchical mailbox structures, can be very numerous
  168. but may have only a few entries at the top level of hierarchy. Also,
  169. some servers are built against mail stores that can, unbeknownst to
  170. the server, have circular hierarchies - that is, it's possible for
  171. "a/b/c/d" to resolve to the same file structure as "a", which would
  172. then mean that "a/b/c/d/b" is the same as "a/b", and the hierarchy
  173. will never end. The LIST response in this case will be unlimited.
  174. Clients that will have trouble with this are those that use
  175. C: 001 LIST "" *
  176. to determine the mailbox list. Because of this, clients should not
  177. use an unqualified "*" that way in the LIST command. A safer
  178. approach is to list each level of hierarchy individually, allowing
  179. the user to traverse the tree one limb at a time, thus:
  180. C: 001 LIST "" %
  181. S: * LIST () "/" Banana
  182. S: * LIST ...etc...
  183. S: 001 OK done
  184. and then
  185. C: 002 LIST "" Banana/%
  186. S: * LIST () "/" Banana/Apple
  187. S: * LIST ...etc...
  188. S: 002 OK done
  189. Using this technique the client's user interface can give the user
  190. full flexibility without choking on the voluminous reply to "LIST *".
  191. Of course, it is still possible that the reply to
  192. C: 005 LIST "" alt.fan.celebrity.%
  193. may be thousands of entries long, and there is, unfortunately,
  194. nothing the client can do to protect itself from that. This has not
  195. yet been a notable problem.
  196. Servers that may export circular hierarchies (any server that
  197. directly presents a UNIX file system, for instance) should limit the
  198. hierarchy depth to prevent unlimited LIST responses. A suggested
  199. depth limit is 20 hierarchy levels.
  200. Leiba Informational [Page 5]
  201. RFC 2683 IMAP4 Implementation Recommendations September 1999
  202. 3.2.1.2. Fetching the List of Messages
  203. When a client selects a mailbox, it is given a count, in the untagged
  204. EXISTS response, of the messages in the mailbox. This number can be
  205. very large. In such a case it might be unwise to use
  206. C: 004 FETCH 1:* ALL
  207. to populate the user's view of the mailbox. One good method to avoid
  208. problems with this is to batch the requests, thus:
  209. C: 004 FETCH 1:50 ALL
  210. S: * 1 FETCH ...etc...
  211. S: 004 OK done
  212. C: 005 FETCH 51:100 ALL
  213. S: * 51 FETCH ...etc...
  214. S: 005 OK done
  215. C: 006 FETCH 101:150 ALL
  216. ...etc...
  217. Using this method, another command, such as "FETCH 6 BODY[1]" can be
  218. inserted as necessary, and the client will not have its access to the
  219. server blocked by a storm of FETCH replies. (Such a method could be
  220. reversed to fetch the LAST 50 messages first, then the 50 prior to
  221. that, and so on.)
  222. As a smart extension of this, a well designed client, prepared for
  223. very large mailboxes, will not automatically fetch data for all
  224. messages AT ALL. Rather, the client will populate the user's view
  225. only as the user sees it, possibly pre-fetching selected information,
  226. and only fetching other information as the user scrolls to it. For
  227. example, to select only those messages beginning with the first
  228. unseen one:
  229. C: 003 SELECT INBOX
  230. S: * 10000 EXISTS
  231. S: * 80 RECENT
  232. S: * FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
  233. S: * OK [UIDVALIDITY 824708485] UID validity status
  234. S: * OK [UNSEEN 9921] First unseen message
  235. S: 003 OK [READ-WRITE] SELECT completed
  236. C: 004 FETCH 9921:* ALL
  237. ... etc...
  238. If the server does not return an OK [UNSEEN] response, the client may
  239. use SEARCH UNSEEN to obtain that value.
  240. Leiba Informational [Page 6]
  241. RFC 2683 IMAP4 Implementation Recommendations September 1999
  242. This mechanism is good as a default presentation method, but only
  243. works well if the default message order is acceptable. A client may
  244. want to present various sort orders to the user (by subject, by date
  245. sent, by sender, and so on) and in that case (lacking a SORT
  246. extension on the server side) the client WILL have to retrieve all
  247. message descriptors. A client that provides this service should not
  248. do it by default and should inform the user of the costs of choosing
  249. this option for large mailboxes.
  250. 3.2.1.3. Fetching a Large Body Part
  251. The issue here is similar to the one for a list of messages. In the
  252. BODYSTRUCTURE response the client knows the size, in bytes, of the
  253. body part it plans to fetch. Suppose this is a 70 MB video clip. The
  254. client can use partial fetches to retrieve the body part in pieces,
  255. avoiding the problem of an uninterruptible 70 MB literal coming back
  256. from the server:
  257. C: 022 FETCH 3 BODY[1]<0.20000>
  258. S: * 3 FETCH (FLAGS(\Seen) BODY[1]<0> {20000}
  259. S: ...data...)
  260. S: 022 OK done
  261. C: 023 FETCH 3 BODY[1]<20001.20000>
  262. S: * 3 FETCH (BODY[1]<20001> {20000}
  263. S: ...data...)
  264. S: 023 OK done
  265. C: 024 FETCH 3 BODY[1]<40001.20000>
  266. ...etc...
  267. 3.2.1.4. BODYSTRUCTURE vs. Entire Messages
  268. Because FETCH BODYSTRUCTURE is necessary in order to determine the
  269. number of body parts, and, thus, whether a message has "attachments",
  270. clients often use FETCH FULL as their normal method of populating the
  271. user's view of a mailbox. The benefit is that the client can display
  272. a paperclip icon or some such indication along with the normal
  273. message summary. However, this comes at a significant cost with some
  274. server configurations. The parsing needed to generate the FETCH
  275. BODYSTRUCTURE response may be time-consuming compared with that
  276. needed for FETCH ENVELOPE. The client developer should consider this
  277. issue when deciding whether the ability to add a paperclip icon is
  278. worth the tradeoff in performance, especially with large mailboxes.
  279. Some clients, rather than using FETCH BODYSTRUCTURE, use FETCH BODY[]
  280. (or the equivalent FETCH RFC822) to retrieve the entire message.
  281. They then do the MIME parsing in the client. This may give the
  282. client slightly more flexibility in some areas (access, for instance,
  283. to header fields that aren't returned in the BODYSTRUCTURE and
  284. Leiba Informational [Page 7]
  285. RFC 2683 IMAP4 Implementation Recommendations September 1999
  286. ENVELOPE responses), but it can cause severe performance problems by
  287. forcing the transfer of all body parts when the user might only want
  288. to see some of them - a user logged on by modem and reading a small
  289. text message with a large ZIP file attached may prefer to read the
  290. text only and save the ZIP file for later. Therefore, a client
  291. should not normally retrieve entire messages and should retrieve
  292. message body parts selectively.
  293. 3.2.1.5. Long Command Lines
  294. A client can wind up building a very long command line in an effort to
  295. try to be efficient about requesting information from a server. This
  296. can typically happen when a client builds a message set from selected
  297. messages and doesn't recognise that contiguous blocks of messages may
  298. be group in a range. Suppose a user selects all 10,000 messages in a
  299. large mailbox and then unselects message 287. The client could build
  300. that message set as "1:286,288:10000", but a client that doesn't
  301. handle that might try to enumerate each message individually and build
  302. "1,2,3,4, [and so on] ,9999,10000". Adding that to the fetch command
  303. results in a command line that's almost 49,000 octets long, and,
  304. clearly, one can construct a command line that's even longer.
  305. A client should limit the length of the command lines it generates to
  306. approximately 1000 octets (including all quoted strings but not
  307. including literals). If the client is unable to group things into
  308. ranges so that the command line is within that length, it should
  309. split the request into multiple commands. The client should use
  310. literals instead of long quoted strings, in order to keep the command
  311. length down.
  312. For its part, a server should allow for a command line of at least
  313. 8000 octets. This provides plenty of leeway for accepting reasonable
  314. length commands from clients. The server should send a BAD response
  315. to a command that does not end within the server's maximum accepted
  316. command length.
  317. 3.2.2. Subscriptions
  318. The client isn't the only entity that can get flooded: the end user,
  319. too, may need some flood control. The IMAP4 protocol provides such
  320. control in the form of subscriptions. Most servers support the
  321. SUBSCRIBE, UNSUBSCRIBE, and LSUB commands, and many users choose to
  322. narrow down a large list of available mailboxes by subscribing to the
  323. ones that they usually want to see. Clients, with this in mind,
  324. should give the user a way to see only subscribed mailboxes. A
  325. client that never uses the LSUB command takes a significant usability
  326. feature away from the user. Of course, the client would not want to
  327. hide the LIST command completely; the user needs to have a way to
  328. Leiba Informational [Page 8]
  329. RFC 2683 IMAP4 Implementation Recommendations September 1999
  330. choose between LIST and LSUB. The usual way to do this is to provide
  331. a setting like "show which mailboxes?: [] all [] subscribed only".
  332. 3.2.3. Searching
  333. IMAP SEARCH commands can become particularly troublesome (that is,
  334. slow) on mailboxes containing a large number of messages. So let's
  335. put a few things in perspective in that regard.
  336. The flag searches should be fast. The flag searches (ALL, [UN]SEEN,
  337. [UN]ANSWERED, [UN]DELETED, [UN]DRAFT, [UN]FLAGGED, NEW, OLD, RECENT)
  338. are known to be used by clients for the client's own use (for
  339. instance, some clients use "SEARCH UNSEEN" to find unseen mail and
  340. "SEARCH DELETED" to warn the user before expunging messages).
  341. Other searches, particularly the text searches (HEADER, TEXT, BODY)
  342. are initiated by the user, rather than by the client itself, and
  343. somewhat slower performance can be tolerated, since the user is aware
  344. that the search is being done (and is probably aware that it might be
  345. time-consuming). A smart server might use dynamic indexing to speed
  346. commonly used text searches.
  347. The client may allow other commands to be sent to the server while a
  348. SEARCH is in progress, but at the time of this writing there is
  349. little or no server support for parallel processing of multiple
  350. commands in the same session (and see "Multiple Accesses of the Same
  351. Mailbox" above for a description of the dangers of trying to work
  352. around this by doing your SEARCH in another session).
  353. Another word about text searches: some servers, built on database
  354. back-ends with indexed search capabilities, may return search results
  355. that do not match the IMAP spec's "case-insensitive substring"
  356. requirements. While these servers are in violation of the protocol,
  357. there is little harm in the violation as long as the search results
  358. are used only in response to a user's request. Still, developers of
  359. such servers should be aware that they ARE violating the protocol,
  360. should think carefully about that behaviour, and must be certain that
  361. their servers respond accurately to the flag searches for the reasons
  362. outlined above.
  363. In addition, servers should support CHARSET UTF-8 [UTF-8] in
  364. searches.
  365. Leiba Informational [Page 9]
  366. RFC 2683 IMAP4 Implementation Recommendations September 1999
  367. 3.3 Avoiding Invalid Requests
  368. IMAP4 provides ways for a server to tell a client in advance what is
  369. and isn't permitted in some circumstances. Clients should use these
  370. features to avoid sending requests that a well designed client would
  371. know to be invalid. This section explains this in more detail.
  372. 3.3.1. The CAPABILITY Command
  373. All IMAP4 clients should use the CAPABILITY command to determine what
  374. version of IMAP and what optional features a server supports. The
  375. client should not send IMAP4rev1 commands and arguments to a server
  376. that does not advertize IMAP4rev1 in its CAPABILITY response.
  377. Similarly, the client should not send IMAP4 commands that no longer
  378. exist in IMAP4rev1 to a server that does not advertize IMAP4 in its
  379. CAPABILITY response. An IMAP4rev1 server is NOT required to support
  380. obsolete IMAP4 or IMAP2bis commands (though some do; do not let this
  381. fact lull you into thinking that it's valid to send such commands to
  382. an IMAP4rev1 server).
  383. A client should not send commands to probe for the existance of
  384. certain extensions. All standard and standards-track extensions
  385. include CAPABILITY tokens indicating their presense. All private and
  386. experimental extensions should do the same, and clients that take
  387. advantage of them should use the CAPABILITY response to determine
  388. whether they may be used or not.
  389. 3.3.2. Don't Do What the Server Says You Can't
  390. In many cases, the server, in response to a command, will tell the
  391. client something about what can and can't be done with a particular
  392. mailbox. The client should pay attention to this information and
  393. should not try to do things that it's been told it can't do.
  394. Examples:
  395. * Do not try to SELECT a mailbox that has the \Noselect flag set.
  396. * Do not try to CREATE a sub-mailbox in a mailbox that has the
  397. \Noinferiors flag set.
  398. * Do not respond to a failing COPY or APPEND command by trying to
  399. CREATE the target mailbox if the server does not respond with a
  400. [TRYCREATE] response code.
  401. * Do not try to expunge a mailbox that has been selected with the
  402. [READ-ONLY] response code.
  403. Leiba Informational [Page 10]
  404. RFC 2683 IMAP4 Implementation Recommendations September 1999
  405. 3.4. Miscellaneous Protocol Considerations
  406. We describe here a number of important protocol-related issues, the
  407. misunderstanding of which has caused significant interoperability
  408. problems in IMAP4 implementations. One general item is that every
  409. implementer should be certain to take note of and to understand
  410. section 2.2.2 and the preamble to section 7 of the IMAP4rev1 spec
  411. [RFC-2060].
  412. 3.4.1. Well Formed Protocol
  413. We cannot stress enough the importance of adhering strictly to the
  414. protocol grammar. The specification of the protocol is quite rigid;
  415. do not assume that you can insert blank space for "readability" if
  416. none is called for. Keep in mind that there are parsers out there
  417. that will crash if there are protocol errors. There are clients that
  418. will report every parser burp to the user. And in any case,
  419. information that cannot be parsed is information that is lost. Be
  420. careful in your protocol generation. And see "A Word About Testing",
  421. below.
  422. In particular, note that the string in the INTERNALDATE response is
  423. NOT an RFC-822 date string - that is, it is not in the same format as
  424. the first string in the ENVELOPE response. Since most clients will,
  425. in fact, accept an RFC-822 date string in the INTERNALDATE response,
  426. it's easy to miss this in your interoperability testing. But it will
  427. cause a problem with some client, so be sure to generate the correct
  428. string for this field.
  429. 3.4.2. Special Characters
  430. Certain characters, currently the double-quote and the backslash, may
  431. not be sent as-is inside a quoted string. These characters must be
  432. preceded by the escape character if they are in a quoted string, or
  433. else the string must be sent as a literal. Both clients and servers
  434. must handle this, both on output (they must send these characters
  435. properly) and on input (they must be able to receive escaped
  436. characters in quoted strings). Example:
  437. C: 001 LIST "" %
  438. S: * LIST () "" INBOX
  439. S: * LIST () "\\" TEST
  440. S: * LIST () "\\" {12}
  441. S: "My" mailbox
  442. S: 001 OK done
  443. C: 002 LIST "" "\"My\" mailbox\\%"
  444. S: * LIST () "\\" {17}
  445. S: "My" mailbox\Junk
  446. Leiba Informational [Page 11]
  447. RFC 2683 IMAP4 Implementation Recommendations September 1999
  448. S: 002 OK done
  449. Note that in the example the server sent the hierarchy delimiter as
  450. an escaped character in the quoted string and sent the mailbox name
  451. containing imbedded double-quotes as a literal. The client used only
  452. quoted strings, escaping both the backslash and the double-quote
  453. characters.
  454. The CR and LF characters may be sent ONLY in literals; they are not
  455. allowed, even if escaped, inside quoted strings.
  456. And while we're talking about special characters: the IMAP spec, in
  457. the section titled "Mailbox International Naming Convention",
  458. describes how to encode mailbox names in modified UTF-7 [UTF-7 and
  459. RFC-2060]. Implementations must adhere to this in order to be
  460. interoperable in the international market, and servers should
  461. validate mailbox names sent by client and reject names that do not
  462. conform.
  463. As to special characters in userids and passwords: clients must not
  464. restrict what a user may type in for a userid or a password. The
  465. formal grammar specifies that these are "astrings", and an astring
  466. can be a literal. A literal, in turn can contain any 8-bit
  467. character, and clients must allow users to enter all 8-bit characters
  468. here, and must pass them, unchanged, to the server (being careful to
  469. send them as literals when necessary). In particular, some server
  470. configurations use "@" in user names, and some clients do not allow
  471. that character to be entered; this creates a severe interoperability
  472. problem.
  473. 3.4.3. UIDs and UIDVALIDITY
  474. Servers that support existing back-end mail stores often have no good
  475. place to save UIDs for messages. Often the existing mail store will
  476. not have the concept of UIDs in the sense that IMAP has: strictly
  477. increasing, never re-issued, 32-bit integers. Some servers solve
  478. this by storing the UIDs in a place that's accessible to end users,
  479. allowing for the possibility that the users will delete them. Others
  480. solve it by re-assigning UIDs every time a mailbox is selected.
  481. The server should maintain UIDs permanently for all messages if it
  482. can. If that's not possible, the server must change the UIDVALIDITY
  483. value for the mailbox whenever any of the UIDs may have become
  484. invalid. Clients must recognize that the UIDVALIDITY has changed and
  485. must respond to that condition by throwing away any information that
  486. they have saved about UIDs in that mailbox. There have been many
  487. problems in this area when clients have failed to do this; in the
  488. worst case it will result in loss of mail when a client deletes the
  489. Leiba Informational [Page 12]
  490. RFC 2683 IMAP4 Implementation Recommendations September 1999
  491. wrong piece of mail by using a stale UID.
  492. It seems to be a common misunderstanding that "the UIDVALIDITY and
  493. the UID, taken together, form a 64-bit identifier that uniquely
  494. identifies a message on a server". This is absolutely NOT TRUE.
  495. There is no assurance that the UIDVALIDITY values of two mailboxes be
  496. different, so the UIDVALIDITY in no way identifies a mailbox. The
  497. ONLY purpose of UIDVALIDITY is, as its name indicates, to give the
  498. client a way to check the validity of the UIDs it has cached. While
  499. it is a valid implementation choice to put these values together to
  500. make a 64-bit identifier for the message, the important concept here
  501. is that UIDs are not unique between mailboxes; they are only unique
  502. WITHIN a given mailbox.
  503. Some server implementations have attempted to make UIDs unique across
  504. the entire server. This is inadvisable, in that it limits the life
  505. of UIDs unnecessarily. The UID is a 32-bit number and will run out
  506. in reasonably finite time if it's global across the server. If you
  507. assign UIDs sequentially in one mailbox, you will not have to start
  508. re-using them until you have had, at one time or another, 2**32
  509. different messages in that mailbox. In the global case, you will
  510. have to reuse them once you have had, at one time or another, 2**32
  511. different messages in the entire mail store. Suppose your server has
  512. around 8000 users registered (2**13). That gives an average of 2**19
  513. UIDs per user. Suppose each user gets 32 messages (2**5) per day.
  514. That gives you 2**14 days (16000+ days = about 45 years) before you
  515. run out. That may seem like enough, but multiply the usage just a
  516. little (a lot of spam, a lot of mailing list subscriptions, more
  517. users) and you limit yourself too much.
  518. What's worse is that if you have to wrap the UIDs, and, thus, you
  519. have to change UIDVALIDITY and invalidate the UIDs in the mailbox,
  520. you have to do it for EVERY mailbox in the system, since they all
  521. share the same UID pool. If you assign UIDs per mailbox and you have
  522. a problem, you only have to kill the UIDs for that one mailbox.
  523. Under extreme circumstances (and this is extreme, indeed), the server
  524. may have to invalidate UIDs while a mailbox is in use by a client -
  525. that is, the UIDs that the client knows about in its active mailbox
  526. are no longer valid. In that case, the server must immediately
  527. change the UIDVALIDITY and must communicate this to the client. The
  528. server may do this by sending an unsolicited UIDVALIDITY message, in
  529. the same form as in response to the SELECT command. Clients must be
  530. prepared to handle such a message and the possibly coincident failure
  531. of the command in process. For example:
  532. Leiba Informational [Page 13]
  533. RFC 2683 IMAP4 Implementation Recommendations September 1999
  534. C: 032 UID STORE 382 +Flags.silent \Deleted
  535. S: * OK [UIDVALIDITY 12345] New UIDVALIDITY value!
  536. S: 032 NO UID command rejected because UIDVALIDITY changed!
  537. C: ...invalidates local information and re-fetches...
  538. C: 033 FETCH 1:* UID
  539. ...etc...
  540. At the time of the writing of this document, the only server known to
  541. do this does so only under the following condition: the client
  542. selects INBOX, but there is not yet a physical INBOX file created.
  543. Nonetheless, the SELECT succeeds, exporting an empty INBOX with a
  544. temporary UIDVALIDITY of 1. While the INBOX remains selected, mail
  545. is delivered to the user, which creates the real INBOX file and
  546. assigns a permanent UIDVALIDITY (that is likely not to be 1). The
  547. server reports the change of UIDVALIDITY, but as there were no
  548. messages before, so no UIDs have actually changed, all the client
  549. must do is accept the change in UIDVALIDITY.
  550. Alternatively, a server may force the client to re-select the
  551. mailbox, at which time it will obtain a new UIDVALIDITY value. To do
  552. this, the server closes this client session (see "Severed
  553. Connections" above) and the client then reconnects and gets back in
  554. synch. Clients must be prepared for either of these behaviours.
  555. We do not know of, nor do we anticipate the future existance of, a
  556. server that changes UIDVALIDITY while there are existing messages,
  557. but clients must be prepared to handle this eventuality.
  558. 3.4.4. FETCH Responses
  559. When a client asks for certain information in a FETCH command, the
  560. server may return the requested information in any order, not
  561. necessarily in the order that it was requested. Further, the server
  562. may return the information in separate FETCH responses and may also
  563. return information that was not explicitly requested (to reflect to
  564. the client changes in the state of the subject message). Some
  565. examples:
  566. C: 001 FETCH 1 UID FLAGS INTERNALDATE
  567. S: * 5 FETCH (FLAGS (\Deleted))
  568. S: * 1 FETCH (FLAGS (\Seen) INTERNALDATE "..." UID 345)
  569. S: 001 OK done
  570. (In this case, the responses are in a different order. Also, the
  571. server returned a flag update for message 5, which wasn't part of the
  572. client's request.)
  573. Leiba Informational [Page 14]
  574. RFC 2683 IMAP4 Implementation Recommendations September 1999
  575. C: 002 FETCH 2 UID FLAGS INTERNALDATE
  576. S: * 2 FETCH (INTERNALDATE "...")
  577. S: * 2 FETCH (UID 399)
  578. S: * 2 FETCH (FLAGS ())
  579. S: 002 OK done
  580. (In this case, the responses are in a different order and were
  581. returned in separate responses.)
  582. C: 003 FETCH 2 BODY[1]
  583. S: * 2 FETCH (FLAGS (\Seen) BODY[1] {14}
  584. S: Hello world!
  585. S: )
  586. S: 003 OK done
  587. (In this case, the FLAGS response was added by the server, since
  588. fetching the body part caused the server to set the \Seen flag.)
  589. Because of this characteristic a client must be ready to receive any
  590. FETCH response at any time and should use that information to update
  591. its local information about the message to which the FETCH response
  592. refers. A client must not assume that any FETCH responses will come
  593. in any particular order, or even that any will come at all. If after
  594. receiving the tagged response for a FETCH command the client finds
  595. that it did not get all of the information requested, the client
  596. should send a NOOP command to the server to ensure that the server
  597. has an opportunity to send any pending EXPUNGE responses to the
  598. client (see [RFC-2180]).
  599. 3.4.5. RFC822.SIZE
  600. Some back-end mail stores keep the mail in a canonical form, rather
  601. than retaining the original MIME format of the messages. This means
  602. that the server must reassemble the message to produce a MIME stream
  603. when a client does a fetch such as RFC822 or BODY[], requesting the
  604. entire message. It also may mean that the server has no convenient
  605. way to know the RFC822.SIZE of the message. Often, such a server
  606. will actually have to build the MIME stream to compute the size, only
  607. to throw the stream away and report the size to the client.
  608. When this is the case, some servers have chosen to estimate the size,
  609. rather than to compute it precisely. Such an estimate allows the
  610. client to display an approximate size to the user and to use the
  611. estimate in flood control considerations (q.v.), but requires that
  612. the client not use the size for things such as allocation of buffers,
  613. because those buffers might then be too small to hold the actual MIME
  614. stream. Instead, a client should use the size that's returned in the
  615. literal when you fetch the data.
  616. Leiba Informational [Page 15]
  617. RFC 2683 IMAP4 Implementation Recommendations September 1999
  618. The protocol requires that the RFC822.SIZE value returned by the
  619. server be EXACT. Estimating the size is a protocol violation, and
  620. server designers must be aware that, despite the performance savings
  621. they might realize in using an estimate, this practice will cause
  622. some clients to fail in various ways. If possible, the server should
  623. compute the RFC822.SIZE for a particular message once, and then save
  624. it for later retrieval. If that's not possible, the server must
  625. compute the value exactly every time. Incorrect estimates do cause
  626. severe interoperability problems with some clients.
  627. 3.4.6. Expunged Messages
  628. If the server allows multiple connections to the same mailbox, it is
  629. often possible for messages to be expunged in one client unbeknownst
  630. to another client. Since the server is not allowed to tell the
  631. client about these expunged messages in response to a FETCH command,
  632. the server may have to deal with the issue of how to return
  633. information about an expunged message. There was extensive
  634. discussion about this issue, and the results of that discussion are
  635. summarized in [RFC-2180]. See that reference for a detailed
  636. explanation and for recommendations.
  637. 3.4.7. The Namespace Issue
  638. Namespaces are a very muddy area in IMAP4 implementation right now
  639. (see [NAMESPACE] for a proposal to clear the water a bit). Until the
  640. issue is resolved, the important thing for client developers to
  641. understand is that some servers provide access through IMAP to more
  642. than just the user's personal mailboxes, and, in fact, the user's
  643. personal mailboxes may be "hidden" somewhere in the user's default
  644. hierarchy. The client, therefore, should provide a setting wherein
  645. the user can specify a prefix to be used when accessing mailboxes. If
  646. the user's mailboxes are all in "~/mail/", for instance, then the
  647. user can put that string in the prefix. The client would then put
  648. the prefix in front of any name pattern in the LIST and LSUB
  649. commands:
  650. C: 001 LIST "" ~/mail/%
  651. (See also "Reference Names in the LIST Command" below.)
  652. 3.4.8. Creating Special-Use Mailboxes
  653. It may seem at first that this is part of the namespace issue; it is
  654. not, and is only indirectly related to it. A number of clients like
  655. to create special-use mailboxes with particular names. Most
  656. commonly, clients with a "trash folder" model of message deletion
  657. want to create a mailbox with the name "Trash" or "Deleted". Some
  658. Leiba Informational [Page 16]
  659. RFC 2683 IMAP4 Implementation Recommendations September 1999
  660. clients want to create a "Drafts" mailbox, an "Outbox" mailbox, or a
  661. "Sent Mail" mailbox. And so on. There are two major
  662. interoperability problems with this practice:
  663. 1. different clients may use different names for mailboxes with
  664. similar functions (such as "Trash" and "Deleted"), or may manage
  665. the same mailboxes in different ways, causing problems if a user
  666. switches between clients and
  667. 2. there is no guarantee that the server will allow the creation of
  668. the desired mailbox.
  669. The client developer is, therefore, well advised to consider
  670. carefully the creation of any special-use mailboxes on the server,
  671. and, further, the client must not require such mailbox creation -
  672. that is, if you do decide to do this, you must handle gracefully the
  673. failure of the CREATE command and behave reasonably when your
  674. special-use mailboxes do not exist and can not be created.
  675. In addition, the client developer should provide a convenient way for
  676. the user to select the names for any special-use mailboxes, allowing
  677. the user to make these names the same in all clients used and to put
  678. them where the user wants them.
  679. 3.4.9. Reference Names in the LIST Command
  680. Many implementers of both clients and servers are confused by the
  681. "reference name" on the LIST command. The reference name is intended
  682. to be used in much the way a "cd" (change directory) command is used
  683. on Unix, PC DOS, Windows, and OS/2 systems. That is, the mailbox
  684. name is interpreted in much the same way as a file of that name would
  685. be found if one had done a "cd" command into the directory specified
  686. by the reference name. For example, in Unix we have the following:
  687. > cd /u/jones/junk
  688. > vi banana [file is "/u/jones/junk/banana"]
  689. > vi stuff/banana [file is "/u/jones/junk/stuff/banana"]
  690. > vi /etc/hosts [file is "/etc/hosts"]
  691. In the past, there have been several interoperability problems with
  692. this. First, while some IMAP servers are built on Unix or PC file
  693. systems, many others are not, and the file system semantics do not
  694. make sense in those configurations. Second, while some IMAP servers
  695. expose the underlying file system to the clients, others allow access
  696. only to the user's personal mailboxes, or to some other limited set
  697. of files, making such file-system-like semantics less meaningful.
  698. Third, because the IMAP spec leaves the interpretation of the
  699. reference name as "implementation-dependent", in the past the various
  700. server implementations handled it in vastly differing ways.
  701. Leiba Informational [Page 17]
  702. RFC 2683 IMAP4 Implementation Recommendations September 1999
  703. The following recommendations are the result of significant
  704. operational experience, and are intended to maximize
  705. interoperability.
  706. Server implementations must implement the reference argument in a way
  707. that matches the intended "change directory" operation as closely as
  708. possible. As a minimum implementation, the reference argument may be
  709. prepended to the mailbox name (while suppressing double delimiters;
  710. see the next paragraph). Even servers that do not provide a way to
  711. break out of the current hierarchy (see "breakout facility" below)
  712. must provide a reasonable implementation of the reference argument,
  713. as described here, so that they will interoperate with clients that
  714. use it.
  715. Server implementations that prepend the reference argument to the
  716. mailbox name should insert a hierarchy delimiter between them, and
  717. must not insert a second if one is already present:
  718. C: A001 LIST ABC DEF
  719. S: * LIST () "/" ABC/DEF <=== should do this
  720. S: A001 OK done
  721. C: A002 LIST ABC/ /DEF
  722. S: * LIST () "/" ABC//DEF <=== must not do this
  723. S: A002 OK done
  724. On clients, the reference argument is chiefly used to implement a
  725. "breakout facility", wherein the user may directly access a mailbox
  726. outside the "current directory" hierarchy. Client implementations
  727. should have an operational mode that does not use the reference
  728. argument. This is to interoperate with older servers that did not
  729. implement the reference argument properly. While it's a good idea to
  730. give the user access to a breakout facility, clients that do not
  731. intend to do so should not use the reference argument at all.
  732. Client implementations should always place a trailing hierarchy
  733. delimiter on the reference argument. This is because some servers
  734. prepend the reference argument to the mailbox name without inserting
  735. a hierarchy delimiter, while others do insert a hierarchy delimiter
  736. if one is not already present. A client that puts the delimiter in
  737. will work with both varieties of server.
  738. Client implementations that implement a breakout facility should
  739. allow the user to choose whether or not to use a leading hierarchy
  740. delimiter on the mailbox argument. This is because the handling of a
  741. leading mailbox hierarchy delimiter also varies from server to
  742. server, and even between different mailstores on the same server. In
  743. some cases, a leading hierarchy delimiter means "discard the
  744. Leiba Informational [Page 18]
  745. RFC 2683 IMAP4 Implementation Recommendations September 1999
  746. reference argument" (implementing the intended breakout facility),
  747. thus:
  748. C: A001 LIST ABC/ /DEF
  749. S: * LIST () "/" /DEF
  750. S: A001 OK done
  751. In other cases, however, the two are catenated and the extra
  752. hierarchy delimiter is discarded, thus:
  753. C: A001 LIST ABC/ /DEF
  754. S: * LIST () "/" ABC/DEF
  755. S: A001 OK done
  756. Client implementations must not assume that the server supports a
  757. breakout facility, but may provide a way for the user to use one if
  758. it is available. Any breakout facility should be exported to the
  759. user interface. Note that there may be other "breakout" characters
  760. besides the hierarchy delimiter (for instance, UNIX filesystem
  761. servers are likely to use a leading "~" as well), and that their
  762. interpretation is server-dependent.
  763. 3.4.10. Mailbox Hierarchy Delimiters
  764. The server's selection of what to use as a mailbox hierarchy
  765. delimiter is a difficult one, involving several issues: What
  766. characters do users expect to see? What characters can they enter
  767. for a hierarchy delimiter if it is desired (or required) that the
  768. user enter it? What character can be used for the hierarchy
  769. delimiter, noting that the chosen character can not otherwise be used
  770. in the mailbox name?
  771. Because some interfaces show users the hierarchy delimiters or allow
  772. users to enter qualified mailbox names containing them, server
  773. implementations should use delimiter characters that users generally
  774. expect to see as name separators. The most common characters used
  775. for this are "/" (as in Unix file names), "\" (as in OS/2 and Windows
  776. file names), and "." (as in news groups). There is little to choose
  777. among these apart from what users may expect or what is dictated by
  778. the underlying file system, if any. One consideration about using
  779. "\" is that it's also a special character in the IMAP protocol. While
  780. the use of other hierarchy delimiter characters is permissible, A
  781. DESIGNER IS WELL ADVISED TO STAY WITH ONE FROM THIS SET unless the
  782. server is intended for special purposes only. Implementers might be
  783. thinking about using characters such as "-", "_", ";", "&", "#", "@",
  784. and "!", but they should be aware of the surprise to the user as well
  785. as of the effect on URLs and other external specifications (since
  786. some of these characters have special meanings there). Also, a
  787. Leiba Informational [Page 19]
  788. RFC 2683 IMAP4 Implementation Recommendations September 1999
  789. server that uses "\" (and clients of such a server) must remember to
  790. escape that character in quoted strings or to send literals instead.
  791. Literals are recommended over escaped characters in quoted strings in
  792. order to maintain compatibility with older IMAP versions that did not
  793. allow escaped characters in quoted strings (but check the grammar to
  794. see where literals are allowed):
  795. C: 001 LIST "" {13}
  796. S: + send literal
  797. C: this\%\%\%\h*
  798. S: * LIST () "\\" {27}
  799. S: this\is\a\mailbox\hierarchy
  800. S: 001 OK LIST complete
  801. In any case, a server should not use normal alpha-numeric characters
  802. (such as "X" or "0") as delimiters; a user would be very surprised to
  803. find that "EXPENDITURES" actually represented a two-level hierarchy.
  804. And a server should not use characters that are non-printable or
  805. difficult or impossible to enter on a standard US keyboard. Control
  806. characters, box-drawing characters, and characters from non-US
  807. alphabets fit into this category. Their use presents
  808. interoperability problems that are best avoided.
  809. The UTF-7 encoding of mailbox names also raises questions about what
  810. to do with the hierarchy delimiters in encoded names: do we encode
  811. each hierarchy level and separate them with delimiters, or do we
  812. encode the fully qualified name, delimiters and all? The answer for
  813. IMAP is the former: encode each hierarchy level separately, and
  814. insert delimiters between. This makes it particularly important not
  815. to use as a hierarchy delimiter a character that might cause
  816. confusion with IMAP's modified UTF-7 [UTF-7 and RFC-2060] encoding.
  817. To repeat: a server should use "/", "\", or "." as its hierarchy
  818. delimiter. The use of any other character is likely to cause
  819. problems and is STRONGLY DISCOURAGED.
  820. 3.4.11. ALERT Response Codes
  821. The protocol spec is very clear on the matter of what to do with
  822. ALERT response codes, and yet there are many clients that violate it
  823. so it needs to be said anyway: "The human-readable text contains a
  824. special alert that must be presented to the user in a fashion that
  825. calls the user's attention to the message." That should be clear
  826. enough, but I'll repeat it here: Clients must present ALERT text
  827. clearly to the user.
  828. Leiba Informational [Page 20]
  829. RFC 2683 IMAP4 Implementation Recommendations September 1999
  830. 3.4.12. Deleting Mailboxes
  831. The protocol does not guarantee that a client may delete a mailbox
  832. that is not empty, though on some servers it is permissible and is,
  833. in fact, much faster than the alternative or deleting all the
  834. messages from the client. If the client chooses to try to take
  835. advantage of this possibility it must be prepared to use the other
  836. method in the even that the more convenient one fails. Further, a
  837. client should not try to delete the mailbox that it has selected, but
  838. should first close that mailbox; some servers do not permit the
  839. deletion of the selected mailbox.
  840. That said, a server should permit the deletion of a non-empty
  841. mailbox; there's little reason to pass this work on to the client.
  842. Moreover, forbidding this prevents the deletion of a mailbox that for
  843. some reason can not be opened or expunged, leading to possible
  844. denial-of-service problems.
  845. Example:
  846. [User tells the client to delete mailbox BANANA, which is
  847. currently selected...]
  848. C: 008 CLOSE
  849. S: 008 OK done
  850. C: 009 DELETE BANANA
  851. S: 009 NO Delete failed; mailbox is not empty.
  852. C: 010 SELECT BANANA
  853. S: * ... untagged SELECT responses
  854. S: 010 OK done
  855. C: 011 STORE 1:* +FLAGS.SILENT \DELETED
  856. S: 011 OK done
  857. C: 012 CLOSE
  858. S: 012 OK done
  859. C: 013 DELETE BANANA
  860. S: 013 OK done
  861. 3.5. A Word About Testing
  862. Since the whole point of IMAP is interoperability, and since
  863. interoperability can not be tested in a vacuum, the final
  864. recommendation of this treatise is, "Test against EVERYTHING." Test
  865. your client against every server you can get an account on. Test
  866. your server with every client you can get your hands on. Many
  867. clients make limited test versions available on the Web for the
  868. downloading. Many server owners will give serious client developers
  869. guest accounts for testing. Contact them and ask. NEVER assume that
  870. because your client works with one or two servers, or because your
  871. server does fine with one or two clients, you will interoperate well
  872. Leiba Informational [Page 21]
  873. RFC 2683 IMAP4 Implementation Recommendations September 1999
  874. in general.
  875. In particular, in addition to everything else, be sure to test
  876. against the reference implementations: the PINE client, the
  877. University of Washington server, and the Cyrus server.
  878. See the following URLs on the web for more information here:
  879. IMAP Products and Sources: http://www.imap.org/products.html
  880. IMC MailConnect: http://www.imc.org/imc-mailconnect
  881. 4. Security Considerations
  882. This document describes behaviour of clients and servers that use the
  883. IMAP4 protocol, and as such, has the same security considerations as
  884. described in [RFC-2060].
  885. 5. References
  886. [RFC-2060] Crispin, M., "Internet Message Access Protocol - Version
  887. 4rev1", RFC 2060, December 1996.
  888. [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
  889. Requirement Levels", BCP 14, RFC 2119, March 1997.
  890. [RFC-2180] Gahrns, M., "IMAP4 Multi-Accessed Mailbox Practice", RFC
  891. 2180, July 1997.
  892. [UTF-8] Yergeau, F., " UTF-8, a transformation format of Unicode
  893. and ISO 10646", RFC 2044, October 1996.
  894. [UTF-7] Goldsmith, D. and M. Davis, "UTF-7, a Mail-Safe
  895. Transformation Format of Unicode", RFC 2152, May 1997.
  896. [NAMESPACE] Gahrns, M. and C. Newman, "IMAP4 Namespace", Work in
  897. Progress.
  898. 6. Author's Address
  899. Barry Leiba
  900. IBM T.J. Watson Research Center
  901. 30 Saw Mill River Road
  902. Hawthorne, NY 10532
  903. Phone: 1-914-784-7941
  904. EMail: leiba@watson.ibm.com
  905. Leiba Informational [Page 22]
  906. RFC 2683 IMAP4 Implementation Recommendations September 1999
  907. 7. Full Copyright Statement
  908. Copyright (C) The Internet Society (1999). All Rights Reserved.
  909. This document and translations of it may be copied and furnished to
  910. others, and derivative works that comment on or otherwise explain it
  911. or assist in its implementation may be prepared, copied, published
  912. and distributed, in whole or in part, without restriction of any
  913. kind, provided that the above copyright notice and this paragraph are
  914. included on all such copies and derivative works. However, this
  915. document itself may not be modified in any way, such as by removing
  916. the copyright notice or references to the Internet Society or other
  917. Internet organizations, except as needed for the purpose of
  918. developing Internet standards in which case the procedures for
  919. copyrights defined in the Internet Standards process must be
  920. followed, or as required to translate it into languages other than
  921. English.
  922. The limited permissions granted above are perpetual and will not be
  923. revoked by the Internet Society or its successors or assigns.
  924. This document and the information contained herein is provided on an
  925. "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
  926. TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
  927. BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
  928. HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
  929. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
  930. Acknowledgement
  931. Funding for the RFC Editor function is currently provided by the
  932. Internet Society.
  933. Leiba Informational [Page 23]