< draft-leiba-imap-implement-guide-01.txt   draft-leiba-imap-implement-guide-02.txt >
Network Working Group B. Leiba Network Working Group B. Leiba
Internet Draft IBM T.J. Watson Research Center Internet Draft IBM T.J. Watson Research Center
Document: draft-leiba-imap-implement-guide-01.txt September 1997 Document: draft-leiba-imap-implement-guide-02.txt September 1997
Expires February 1998 Expires February 1998
IMAP4 Implementation Recommendations IMAP4 Implementation Recommendations
Status of this Document Status of this Document
This document provides information for the Internet community. This This document provides information for the Internet community. This
document does not specify an Internet standard of any kind. document does not specify an Internet standard of any kind.
Distribution of this document is unlimited. Distribution of this document is unlimited.
skipping to change at page 2, line 9 skipping to change at page 2, line 9
has so many implementation choices, there are often trade-offs that has so many implementation choices, there are often trade-offs that
must be made and issues that must be considered when designing such must be made and issues that must be considered when designing such
clients and servers. This document attempts to outline these issues clients and servers. This document attempts to outline these issues
and to make recommendations in order to make the end products as and to make recommendations in order to make the end products as
interoperable as possible. interoperable as possible.
Internet DRAFT Implementation Recommendations September 1997 Internet DRAFT Implementation Recommendations September 1997
2. Conventions used in this document 2. Conventions used in this document
In examples,"C:" indicates lines sent by a client that is connected In examples, "C:" indicates lines sent by a client that is connected
to a server. "S:" indicates lines sent by the server to the client. to a server. "S:" indicates lines sent by the server to the client.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119]. document are to be interpreted as described in [RFC-2119].
3. Interoperability Issues and Recommendations 3. Interoperability Issues and Recommendations
3.1. Accessibility 3.1. Accessibility
skipping to change at page 3, line 7 skipping to change at page 3, line 7
have selected (with some server implementations the STATUS have selected (with some server implementations the STATUS
command has the same problems with multiple access as do the command has the same problems with multiple access as do the
SELECT and EXAMINE commands). SELECT and EXAMINE commands).
A further note about STATUS: The STATUS command is sometimes used to A further note about STATUS: The STATUS command is sometimes used to
check a non-selected mailbox for new mail. This mechanism MUST NOT check a non-selected mailbox for new mail. This mechanism MUST NOT
be used to check for new mail in the selected mailbox; section 5.2 of be used to check for new mail in the selected mailbox; section 5.2 of
Internet DRAFT Implementation Recommendations September 1997 Internet DRAFT Implementation Recommendations September 1997
[RFC-2060] specifically forbids this in its last paragraph. [RFC-2060] specifically forbids this in its last paragraph. Further,
since STATUS takes a mailbox name it is an independent operation, not
operating on the selected mailbox. Because of this, the information
it returns is not necessarily in synchronization with the selected
mailbox state.
3.1.2. Severed Connections 3.1.2. Severed Connections
The client/server connection may be severed for one of three reasons: The client/server connection may be severed for one of three reasons:
the client severs the connection, the server severs the connection, the client severs the connection, the server severs the connection,
or the connection is severed by outside forces beyond the control of or the connection is severed by outside forces beyond the control of
the client and the server (a telephone line drops, for example). the client and the server (a telephone line drops, for example).
Clients and servers must both deal with these situations. Clients and servers must both deal with these situations.
When the client wants to sever a connection, it's usually because it When the client wants to sever a connection, it's usually because it
skipping to change at page 4, line 27 skipping to change at page 4, line 27
There are three situations when a client can make a request that will There are three situations when a client can make a request that will
result in a very large response - too large for the client reasonably result in a very large response - too large for the client reasonably
to deal with: there are a great many mailboxes available, there are a to deal with: there are a great many mailboxes available, there are a
great many messages in the selected mailbox, or there is a very large great many messages in the selected mailbox, or there is a very large
message part. The danger here is that the end user will be stuck message part. The danger here is that the end user will be stuck
waiting while the server sends (and the client processes) an enormous waiting while the server sends (and the client processes) an enormous
response. In all of these cases there are things a client can do to response. In all of these cases there are things a client can do to
reduce that danger. reduce that danger.
There is also the case where a client can flood a server, by sending
an arbitratily long command. We’ll discuss that issue, too, in this
section.
3.2.1.1. Listing Mailboxes 3.2.1.1. Listing Mailboxes
Some servers present Usenet newsgroups to IMAP users. Newsgroups, Some servers present Usenet newsgroups to IMAP users. Newsgroups,
and other such hierarchical mailbox structures, can be very numerous and other such hierarchical mailbox structures, can be very numerous
but may have only a few entries at the top level of hierarchy. but may have only a few entries at the top level of hierarchy. Also,
some servers are built against mail stores that can, unbeknownst to
the server, have circular hierarchies - that is, it’s possible for
"a/b/c/d" to resolve to the same file structure as "a", which would
then mean that "a/b/c/d/b" is the same as "a/b", and the hierarchy
will never end. The LIST response in this case will be unlimited.
Clients that will have trouble with this are those that use Clients that will have trouble with this are those that use
C: 001 LIST "" * C: 001 LIST "" *
to determine the mailbox list. Because of this, clients SHOULD NOT to determine the mailbox list. Because of this, clients SHOULD NOT
use an unqualified "*" that way in the LIST command. A safer use an unqualified "*" that way in the LIST command. A safer
approach is to list each level of hierarchy individually, allowing approach is to list each level of hierarchy individually, allowing
the user to traverse the tree one limb at a time, thus: the user to traverse the tree one limb at a time, thus:
C: 001 LIST "" % C: 001 LIST "" %
S: * LIST () "/" Banana S: * LIST () "/" Banana
S: * LIST ...etc... S: * LIST ...etc...
S: 001 OK done S: 001 OK done
Internet DRAFT Implementation Recommendations September 1997
and then and then
C: 002 LIST "" Banana/% C: 002 LIST "" Banana/%
S: * LIST () "/" Banana/Apple S: * LIST () "/" Banana/Apple
S: * LIST ...etc... S: * LIST ...etc...
S: 002 OK done S: 002 OK done
Using this technique the client's user interface can give the user Using this technique the client's user interface can give the user
full flexibility without choking on the voluminous reply to "LIST *". full flexibility without choking on the voluminous reply to "LIST *".
Of course, it is still possible that the reply to Of course, it is still possible that the reply to
C: 005 LIST "" alt.fan.celebrity.% C: 005 LIST "" alt.fan.celebrity.%
may be thousands of entries long, and there is, unfortunately, may be thousands of entries long, and there is, unfortunately,
Internet DRAFT Implementation Recommendations September 1997
nothing the client can do to protect itself from that. This has not nothing the client can do to protect itself from that. This has not
yet been a notable problem. yet been a notable problem.
Servers that may export circular hierarchies (any server that
directly presents a UNIX file system, for instance) SHOULD limit the
hierarchy depth to prevent unlimited LIST responses. A suggested
depth limit is 20 hierarchy levels.
3.2.1.2. Fetching the List of Messages 3.2.1.2. Fetching the List of Messages
When a client selects a mailbox, it is given a count, in the untagged When a client selects a mailbox, it is given a count, in the untagged
EXISTS response, of the messages in the mailbox. This number can be EXISTS response, of the messages in the mailbox. This number can be
very large. In such a case it might be unwise to use very large. In such a case it might be unwise to use
C: 004 FETCH 1:* ALL C: 004 FETCH 1:* ALL
to populate the user's view of the mailbox. One good method to avoid to populate the user's view of the mailbox. One good method to avoid
problems with this is to batch the requests, thus: problems with this is to batch the requests, thus:
C: 004 FETCH 1:50 ALL C: 004 FETCH 1:50 ALL
skipping to change at page 5, line 35 skipping to change at page 5, line 51
C: 006 FETCH 101:150 ALL C: 006 FETCH 101:150 ALL
...etc... ...etc...
Using this method, another command, such as "FETCH 6 BODY[1]" can be Using this method, another command, such as "FETCH 6 BODY[1]" can be
inserted as necessary, and the client will not have its access to the inserted as necessary, and the client will not have its access to the
server blocked by a storm of FETCH replies. (Such a method could be server blocked by a storm of FETCH replies. (Such a method could be
reversed to fetch the LAST 50 messages first, then the 50 prior to reversed to fetch the LAST 50 messages first, then the 50 prior to
that, and so on.) that, and so on.)
As a smart extension of this, a well designed client, prepared for As a smart extension of this, a well designed client, prepared for
very large mailboxes, will not fetch all message data AT ALL. very large mailboxes, will not automatically fetch data for all
Rather, the client will populate the user's view only as the user messages AT ALL. Rather, the client will populate the user’s view
sees it, possibly pre-fetching selected information, and only only as the user sees it, possibly pre-fetching selected information,
fetching other information as the user scrolls to it. For example, and only fetching other information as the user scrolls to it. For
to select only those messages beginning with the first unseen one:
Internet DRAFT Implementation Recommendations September 1997
example, to select only those messages beginning with the first
unseen one:
C: 003 SELECT INBOX C: 003 SELECT INBOX
S: * 10000 EXISTS S: * 10000 EXISTS
S: * 80 RECENT S: * 80 RECENT
S: * FLAGS (\Answered \Flagged \Deleted \Draft \Seen) S: * FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
S: * OK [UIDVALIDITY 824708485] UID validity status S: * OK [UIDVALIDITY 824708485] UID validity status
S: * OK [UNSEEN 9921] First unseen message S: * OK [UNSEEN 9921] First unseen message
S: 003 OK [READ-WRITE] SELECT completed S: 003 OK [READ-WRITE] SELECT completed
C: 004 FETCH 9921:* ALL C: 004 FETCH 9921:* ALL
... etc... ... etc...
If the server does not return an OK [UNSEEN] response, the client may If the server does not return an OK [UNSEEN] response, the client may
use SEARCH UNSEEN to obtain that value. use SEARCH UNSEEN to obtain that value.
Internet DRAFT Implementation Recommendations September 1997 This mechanism is good as a default presentation method, but only
works well if the default message order is acceptable. A client may
want to present various sort orders to the user (by subject, by date
sent, by sender, and so on) and in that case (lacking a SORT
extension on the server side) the client WILL have to retrieve all
message descriptors. A client that provides this service SHOULD NOT
do it by default and SHOULD inform the user of the costs of choosing
this option for large mailboxes.
3.2.1.3. Fetching a Large Body Part 3.2.1.3. Fetching a Large Body Part
The issue here is similar to the one for a list of messages. In the The issue here is similar to the one for a list of messages. In the
BODYSTRUCTURE response the client knows the size, in bytes, of the BODYSTRUCTURE response the client knows the size, in bytes, of the
body part it plans to fetch. Suppose this is a 70 MB video clip. body part it plans to fetch. Suppose this is a 70 MB video clip.
The client can use partial fetches to retrieve the body part in The client can use partial fetches to retrieve the body part in
pieces, avoiding the problem of an uninterruptible 70 MB literal pieces, avoiding the problem of an uninterruptible 70 MB literal
coming back from the server: coming back from the server:
skipping to change at page 6, line 27 skipping to change at page 7, line 5
S: * 3 FETCH (FLAGS(\Seen) BODY[1]<0> {20000} S: * 3 FETCH (FLAGS(\Seen) BODY[1]<0> {20000}
S: ...data...) S: ...data...)
S: 022 OK done S: 022 OK done
C: 023 FETCH 3 BODY[1]<20001.20000> C: 023 FETCH 3 BODY[1]<20001.20000>
S: * 3 FETCH (BODY[1]<20001> {20000} S: * 3 FETCH (BODY[1]<20001> {20000}
S: ...data...) S: ...data...)
S: 023 OK done S: 023 OK done
C: 024 FETCH 3 BODY[1]<40001.20000> C: 024 FETCH 3 BODY[1]<40001.20000>
...etc... ...etc...
Internet DRAFT Implementation Recommendations September 1997
3.2.1.4. BODYSTRUCTURE vs. Entire Messages 3.2.1.4. BODYSTRUCTURE vs. Entire Messages
Because FETCH BODYSTRUCTURE is necessary in order to determine the Because FETCH BODYSTRUCTURE is necessary in order to determine the
number of body parts, and, thus, whether a message has "attachments", number of body parts, and, thus, whether a message has "attachments",
clients often use FETCH FULL as their normal method of populating the clients often use FETCH FULL as their normal method of populating the
user's view of a mailbox. The benefit is that the client can display user's view of a mailbox. The benefit is that the client can display
a paperclip icon or some such indication along with the normal a paperclip icon or some such indication along with the normal
message summary. However, this comes at a significant cost with some message summary. However, this comes at a significant cost with some
server configurations. The parsing needed to generate the FETCH server configurations. The parsing needed to generate the FETCH
BODYSTRUCTURE response may be time-consuming compared with that BODYSTRUCTURE response may be time-consuming compared with that
skipping to change at page 7, line 5 skipping to change at page 7, line 34
client slightly more flexibility in some areas (access, for instance, client slightly more flexibility in some areas (access, for instance,
to header fields that aren't returned in the BODYSTRUCTURE and to header fields that aren't returned in the BODYSTRUCTURE and
ENVELOPE responses), but it can cause severe performance problems by ENVELOPE responses), but it can cause severe performance problems by
forcing the transfer of all body parts when the user might only want forcing the transfer of all body parts when the user might only want
to see some of them - a user logged on by modem and reading a small to see some of them - a user logged on by modem and reading a small
text message with a large ZIP file attached may prefer to read the text message with a large ZIP file attached may prefer to read the
text only and save the ZIP file for later. Therefore, a client text only and save the ZIP file for later. Therefore, a client
SHOULD NOT normally retrieve entire messages and SHOULD retrieve SHOULD NOT normally retrieve entire messages and SHOULD retrieve
message body parts selectively. message body parts selectively.
3.2.1.5. Long Command Lines
A client can wind up building a very long command line in an effort
to try to be efficient about requesting information from a server.
This can typically happen when a client builds a message set from
selected messages and doesn’t recognise that contiguous blocks of
messages may be group in a range. Suppose a user selects all 10,000
messages in a large mailbox and then unselects message 287. The
client could build that message set as "1:286,288:10000", but a
client that doesn’t handle that might try to enumerate each message
individually and build "1,2,3,4, [and so on] ,9999,10000". Adding
that to the fetch command results in a command line that’s almost
49,000 octets long, and, clearly, one can construct a command line
that’s even longer.
A client SHOULD limit the length of the command lines it generates to
approximately 1000 octets (including all quoted strings but not
including literals). If the client is unable to group things into
ranges so that the command line is within that length, it SHOULD
split the request into multiple commands. The client SHOULD use
literals instead of long quoted strings, in order to keep the command
Internet DRAFT Implementation Recommendations September 1997 Internet DRAFT Implementation Recommendations September 1997
length down.
For its part, a server SHOULD allow for a command line of at least
8000 octets. This provides plenty of leeway for accepting reasonable
length commands from clients. The server SHOULD send a BAD response
to a command that does not end within the server’s maximum accepted
command length.
3.2.2. Subscriptions 3.2.2. Subscriptions
The client isn't the only entity that can get flooded: the end user, The client isn't the only entity that can get flooded: the end user,
too, may need some flood control. The IMAP4 protocol provides such too, may need some flood control. The IMAP4 protocol provides such
control in the form of subscriptions. Most servers support the control in the form of subscriptions. Most servers support the
SUBSCRIBE, UNSUBSCRIBE, and LSUB commands, and many users choose to SUBSCRIBE, UNSUBSCRIBE, and LSUB commands, and many users choose to
narrow down a large list of available mailboxes by subscribing to the narrow down a large list of available mailboxes by subscribing to the
ones that they usually want to see. Clients, with this in mind, ones that they usually want to see. Clients, with this in mind,
SHOULD give the user a way to see only subscribed mailboxes. A SHOULD give the user a way to see only subscribed mailboxes. A
client that never uses the LSUB command takes a significant usability client that never uses the LSUB command takes a significant usability
skipping to change at page 7, line 46 skipping to change at page 9, line 5
that the search is being done (and is probably aware that it might be that the search is being done (and is probably aware that it might be
time-consuming). time-consuming).
The client MAY allow other commands to be sent to the server while a The client MAY allow other commands to be sent to the server while a
SEARCH is in progress, but at the time of this writing there is SEARCH is in progress, but at the time of this writing there is
little or no server support for parallel processing of multiple little or no server support for parallel processing of multiple
commands in the same session (and see "Multiple Accesses of the Same commands in the same session (and see "Multiple Accesses of the Same
Mailbox" above for a description of the dangers of trying to work Mailbox" above for a description of the dangers of trying to work
around this by doing your SEARCH in another session). around this by doing your SEARCH in another session).
Internet DRAFT Implementation Recommendations September 1997
Another word about text searches: some servers, built on database Another word about text searches: some servers, built on database
back-ends with indexed search capabilities, may return search results back-ends with indexed search capabilities, may return search results
that do not match the IMAP spec's "case-insensitive substring" that do not match the IMAP spec's "case-insensitive substring"
requirements. While these servers are in violation of the protocol, requirements. While these servers are in violation of the protocol,
there is little harm in the violation as long as the search results there is little harm in the violation as long as the search results
are used only to response to a user's request. Still, developers of are used only to response to a user's request. Still, developers of
such servers should be aware that they ARE violating the protocol, such servers should be aware that they ARE violating the protocol,
should think carefully about that behaviour, and MUST be certain that should think carefully about that behaviour, and MUST be certain that
their servers respond accurately to the flag searches for the reasons their servers respond accurately to the flag searches for the reasons
Internet DRAFT Implementation Recommendations September 1997
outlined above. outlined above.
3.3 Avoiding Invalid Requests 3.3 Avoiding Invalid Requests
IMAP4 provides ways for a server to tell a client in advance what is IMAP4 provides ways for a server to tell a client in advance what is
and isn't permitted in some circumstances. Clients SHOULD use these and isnt permitted in some circumstances. Clients SHOULD use these
features to avoid sending requests that a well designed client would features to avoid sending requests that a well designed client would
know to be invalid. This section explains this in more detail. know to be invalid. This section explains this in more detail.
3.3.1. The CAPABILITY Command 3.3.1. The CAPABILITY Command
All IMAP4 clients SHOULD use the CAPABILITY command to determine what All IMAP4 clients SHOULD use the CAPABILITY command to determine what
version of IMAP and what optional features a server supports. The version of IMAP and what optional features a server supports. The
client SHOULD NOT send IMAP4rev1 commands and arguments to a server client SHOULD NOT send IMAP4rev1 commands and arguments to a server
that does not advertize IMAP4rev1 in its CAPABILITY response. that does not advertize IMAP4rev1 in its CAPABILITY response.
Similarly, the client SHOULD NOT send IMAP4 commands that no longer Similarly, the client SHOULD NOT send IMAP4 commands that no longer
exist in IMAP4rev1 to a server that does not advertize IMAP4 in its exist in IMAP4rev1 to a server that does not advertize IMAP4 in its
CAPABILITY response. An IMAP4rev1 server is NOT required to support CAPABILITY response. An IMAP4rev1 server is NOT required to support
obsolete IMAP4 or IMAP2bis commands (though some do; do not let this obsolete IMAP4 or IMAP2bis commands (though some do; do not let this
fact lull you into thinking that it's valid to send such commands to fact lull you into thinking that its valid to send such commands to
an IMAP4rev1 server). an IMAP4rev1 server).
A client SHOULD NOT send commands to probe for the existance of A client SHOULD NOT send commands to probe for the existance of
certain extensions. All standard and standards-track extensions certain extensions. All standard and standards-track extensions
include CAPABILITY tokens indicating their presense. All private and include CAPABILITY tokens indicating their presense. All private and
experimental extensions SHOULD do the same, and clients that take experimental extensions SHOULD do the same, and clients that take
advantage of them SHOULD use the CAPABILITY response to determine advantage of them SHOULD use the CAPABILITY response to determine
whether they may be used or not. whether they may be used or not.
3.3.2. Don't Do What the Server Says You Can't 3.3.2. Don’t Do What the Server Says You Can’t
In many cases, the server, in response to a command, will tell the In many cases, the server, in response to a command, will tell the
client something about what can and can't be done with a particular client something about what can and cant be done with a particular
mailbox. The client SHOULD pay attention to this information and mailbox. The client SHOULD pay attention to this information and
SHOULD NOT try to do things that it's been told it can't do. SHOULD NOT try to do things that it’s been told it can’t do.
Examples: Examples:
* Do not try to SELECT a mailbox that has the \Noselect flag set. * Do not try to SELECT a mailbox that has the \Noselect flag set.
Internet DRAFT Implementation Recommendations September 1997
* Do not try to CREATE a sub-mailbox in a mailbox that has the * Do not try to CREATE a sub-mailbox in a mailbox that has the
\Noinferiors flag set. \Noinferiors flag set.
* Do not respond to a failing COPY or APPEND command by trying to * Do not respond to a failing COPY or APPEND command by trying to
CREATE the target mailbox if the server does not respond with a CREATE the target mailbox if the server does not respond with a
[TRYCREATE] response code. [TRYCREATE] response code.
* Do not try to expunge a mailbox that has been selected with the * Do not try to expunge a mailbox that has been selected with the
[READ-ONLY] response code. [READ-ONLY] response code.
Internet DRAFT Implementation Recommendations September 1997
3.4. Miscellaneous Protocol Considerations 3.4. Miscellaneous Protocol Considerations
We describe here a number of important protocol-related issues, the We describe here a number of important protocol-related issues, the
misunderstanding of which has caused significant interoperability misunderstanding of which has caused significant interoperability
problems in IMAP4 implementations. One general item is that every problems in IMAP4 implementations. One general item is that every
implementer should be certain to take note of and to understand implementer should be certain to take note of and to understand
section 2.2.2 and the preamble to section 7 of the IMAP4rev1 spec section 2.2.2 and the preamble to section 7 of the IMAP4rev1 spec
[RFC-2060]. [RFC-2060].
3.4.1. Well Formed Protocol 3.4.1. Well Formed Protocol
skipping to change at page 9, line 32 skipping to change at page 10, line 40
that will crash if there are protocol errors. There are clients that that will crash if there are protocol errors. There are clients that
will report every parser burp to the user. And in any case, will report every parser burp to the user. And in any case,
information that cannot be parsed is information that is lost. Be information that cannot be parsed is information that is lost. Be
careful in your protocol generation. And see "A Word About Testing", careful in your protocol generation. And see "A Word About Testing",
below. below.
In particular, note that the string in the INTERNALDATE response is In particular, note that the string in the INTERNALDATE response is
NOT an RFC-822 date string - that is, it is not in the same format as NOT an RFC-822 date string - that is, it is not in the same format as
the first string in the ENVELOPE response. Since most clients will, the first string in the ENVELOPE response. Since most clients will,
in fact, accept an RFC-822 date string in the INTERNALDATE response, in fact, accept an RFC-822 date string in the INTERNALDATE response,
it's easy to miss this in your interoperability testing. But it will its easy to miss this in your interoperability testing. But it will
cause a problem with some client, so be sure to generate the correct cause a problem with some client, so be sure to generate the correct
string for this field. string for this field.
3.4.2. Special Characters 3.4.2. Special Characters
Certain characters, currently the double-quote and the backslash, may Certain characters, currently the double-quote and the backslash, may
not be sent as they are inside a quoted string. These characters not be sent as-is inside a quoted string. These characters MUST be
MUST be preceded by the escape character if they are in a quoted preceded by the escape character if they are in a quoted string, or
string, or else the string must be sent as a literal. Both clients else the string must be sent as a literal. Both clients and servers
and servers MUST handle this, both on output (they must send these MUST handle this, both on output (they must send these characters
characters properly) and on input (they must be able to receive properly) and on input (they must be able to receive escaped
Internet DRAFT Implementation Recommendations September 1997 Internet DRAFT Implementation Recommendations September 1997
escaped characters in quoted strings). Example: characters in quoted strings). Example:
C: 001 LIST "" % C: 001 LIST "" %
S: * LIST () "" INBOX S: * LIST () "" INBOX
S: * LIST () "\\" TEST S: * LIST () "\\" TEST
S: * LIST () "\\" {12} S: * LIST () "\\" {12}
S: "My" mailbox S: "My" mailbox
S: 001 OK done S: 001 OK done
C: 002 LIST "" "\"My\" mailbox\\%" C: 002 LIST "" "\"My\" mailbox\\%"
S: * LIST () "\\" {17} S: * LIST () "\\" {17}
S: "My" mailbox\Junk S: "My" mailbox\Junk
skipping to change at page 11, line 13 skipping to change at page 12, line 13
UIDVALIDITY is, as its name indicates, to give the client a way to UIDVALIDITY is, as its name indicates, to give the client a way to
Internet DRAFT Implementation Recommendations September 1997 Internet DRAFT Implementation Recommendations September 1997
check the validity of the UIDs it has cached. While it is a valid check the validity of the UIDs it has cached. While it is a valid
implementation choice to put these values together to make a 64-bit implementation choice to put these values together to make a 64-bit
identifier for the message, the important concept here is that UIDs identifier for the message, the important concept here is that UIDs
are not unique between mailboxes; they are only unique WITHIN a given are not unique between mailboxes; they are only unique WITHIN a given
mailbox. mailbox.
Some server implementations have toyed with making UIDs unique across
the entire server. This is inadvisable, in that it limits the life
of UIDs unnecessarily. The UID is a 32-bit number and will run out
in reasonably finite time if it's global across the server. If you
assign UIDs sequentially in one mailbox, you will not have to start
re-using them until you have had, at one time or another, 2**32
different messages in that mailbox. In the global case, you will
have to reuse them once you have had, at one time or another, 2**32
different messages in the entire mail store. Suppose your server has
around 8000 users registered (2**13). That gives an average of 2**19
UIDs per user. Suppose each user gets 32 messages (2**5) per day.
That gives you 2**14 days (16000+ days = about 45 years) before you
run out. That may seem like enough, but multiply the usage just a
little (a lot of spam, a lot of mailing list subscriptions, more
users) and you limit yourself too much.
What's worse is that if you have to wrap the UIDs, and, thus, you
have to change UIDVALIDITY and invalidate the UIDs in the mailbox,
you have to do it for EVERY mailbox in the system, since they all
share the same UID pool. If you assign UIDs per mailbox and you have
a problem, you only have to kill the UIDs for that one mailbox.
Under extreme circumstances (and this is extreme, indeed), the server Under extreme circumstances (and this is extreme, indeed), the server
may have to invalidate UIDs while a mailbox is in use by a client - may have to invalidate UIDs while a mailbox is in use by a client -
that is, the UIDs that the client knows about in its active mailbox that is, the UIDs that the client knows about in its active mailbox
are no longer valid. In that case, the server MUST immediately are no longer valid. In that case, the server MUST immediately
change the UIDVALIDITY and MUST communicate this to the client. The change the UIDVALIDITY and MUST communicate this to the client. The
server MAY do this by sending an unsolicited UIDVALIDITY message, in server MAY do this by sending an unsolicited UIDVALIDITY message, in
the same form as in response to the SELECT command. Clients MUST be the same form as in response to the SELECT command. Clients MUST be
prepared to handle such a message and the possibly coincident failure prepared to handle such a message and the possibly coincident failure
of the command in process. For example: of the command in process. For example:
C: 032 UID STORE 382 +Flags.silent \Deleted C: 032 UID STORE 382 +Flags.silent \Deleted
S: * OK [UIDVALIDITY 12345] New UIDVALIDITY value! S: * OK [UIDVALIDITY 12345] New UIDVALIDITY value!
S: 032 NO UID command rejeced because UIDVALIDITY changed! S: 032 NO UID command rejeced because UIDVALIDITY changed!
C: ...invalidates local information and re-fetches... C: ...invalidates local information and re-fetches...
C: 033 FETCH 1:* UID C: 033 FETCH 1:* UID
...etc... ...etc...
Alternatively, some servers force the client to re-select the At the time of the writing of this document, the only server known to
do this does so only under the following condition: the client
selects INBOX, but there is not yet a physical INBOX file created.
Nonetheless, the SELECT succeeds, exporting an empty INBOX with a
Internet DRAFT Implementation Recommendations September 1997
temporary UIDVALIDITY of 1. While the INBOX remains selected, mail
is delivered to the user, which creates the real INBOX file and
assigns a permanent UIDVALIDITY (that is likely not to be 1). The
server reports the change of UIDVALIDITY, but as there were no
messages before, so no UIDs have actually changed, all the client
must do is accept the change in UIDVALIDITY.
Alternatively, a server may force the client to re-select the
mailbox, at which time it will obtain a new UIDVALIDITY value. To do mailbox, at which time it will obtain a new UIDVALIDITY value. To do
this, the server closes this client session (see "Severed this, the server closes this client session (see "Severed
Connections" above) and the client then reconnects and gets back in Connections" above) and the client then reconnects and gets back in
synch. Clients MUST be prepared for either of these behaviours. synch. Clients MUST be prepared for either of these behaviours.
We do not know of, nor do we anticipate the future existance of, a
server that changes UIDVALIDITY while there are existing messages,
but clients MUST be prepared to handle this eventuality.
3.4.4. FETCH Responses 3.4.4. FETCH Responses
When a client asks for certain information in a FETCH command, the When a client asks for certain information in a FETCH command, the
server MAY return the requested information in any order, not server MAY return the requested information in any order, not
necessarily in the order that it was requested. Further, the server necessarily in the order that it was requested. Further, the server
MAY return the information in separate FETCH responses and MAY also MAY return the information in separate FETCH responses and MAY also
return information that was not explicitly requested (to reflect to return information that was not explicitly requested (to reflect to
the client changes in the state of the subject message). Some the client changes in the state of the subject message). Some
examples: examples:
C: 001 FETCH 1 UID FLAGS INTERNALDATE C: 001 FETCH 1 UID FLAGS INTERNALDATE
S: * 5 FETCH (FLAGS (\Deleted)) S: * 5 FETCH (FLAGS (\Deleted))
S: * 1 FETCH (FLAGS (\Seen) INTERNALDATE "..." UID 345) S: * 1 FETCH (FLAGS (\Seen) INTERNALDATE "..." UID 345)
S: 001 OK done S: 001 OK done
(In this case, the responses are in a different order. Also, the (In this case, the responses are in a different order. Also, the
server returned a flag update for message 5, which wasn't part of the server returned a flag update for message 5, which wasn't part of the
client's request.) client's request.)
Internet DRAFT Implementation Recommendations September 1997
C: 002 FETCH 2 UID FLAGS INTERNALDATE C: 002 FETCH 2 UID FLAGS INTERNALDATE
S: * 2 FETCH (INTERNALDATE "...") S: * 2 FETCH (INTERNALDATE "...")
S: * 2 FETCH (UID 399) S: * 2 FETCH (UID 399)
S: * 2 FETCH (FLAGS ()) S: * 2 FETCH (FLAGS ())
S: 002 OK done S: 002 OK done
(In this case, the responses are in a different order and were (In this case, the responses are in a different order and were
returned in separate responses.) returned in separate responses.)
C: 003 FETCH 2 BODY[1] C: 003 FETCH 2 BODY[1]
S: * 2 FETCH (FLAGS (\Seen) BODY[1] {14} S: * 2 FETCH (FLAGS (\Seen) BODY[1] {14}
S: Hello world! S: Hello world!
S: ) S: )
S: 003 OK done S: 003 OK done
Internet DRAFT Implementation Recommendations September 1997
(In this case, the FLAGS response was added by the server, since (In this case, the FLAGS response was added by the server, since
fetching the body part caused the server to set the \Seen flag.) fetching the body part caused the server to set the \Seen flag.)
Because of this characteristic a client MUST be ready to receive any Because of this characteristic a client MUST be ready to receive any
FETCH response at any time and should use that information to update FETCH response at any time and should use that information to update
its local information about the message to which the FETCH response its local information about the message to which the FETCH response
refers. A client MUST NOT assume that any FETCH responses will come refers. A client MUST NOT assume that any FETCH responses will come
in any particular order, or even that any will come at all. If after in any particular order, or even that any will come at all. If after
receiving the tagged response for a FETCH command the client finds receiving the tagged response for a FETCH command the client finds
that it did not get all of the information requested, the client that it did not get all of the information requested, the client
skipping to change at page 13, line 4 skipping to change at page 14, line 42
When this is the case, some servers have chosen to estimate the size, When this is the case, some servers have chosen to estimate the size,
rather than to compute it precisely. Such an estimate allows the rather than to compute it precisely. Such an estimate allows the
client to display an approximate size to the user and to use the client to display an approximate size to the user and to use the
estimate in flood control considerations (q.v.), but requires that estimate in flood control considerations (q.v.), but requires that
the client not use the size for things such as allocation of buffers, the client not use the size for things such as allocation of buffers,
because those buffers might then be too small to hold the actual MIME because those buffers might then be too small to hold the actual MIME
stream. Instead, a client SHOULD use the size that's returned in the stream. Instead, a client SHOULD use the size that's returned in the
literal when you fetch the data. literal when you fetch the data.
The protocol requires that the RFC822.SIZE value returned by the The protocol requires that the RFC822.SIZE value returned by the
Internet DRAFT Implementation Recommendations September 1997
server be EXACT. Estimating the size is a protocol violation, and server be EXACT. Estimating the size is a protocol violation, and
server designers must be aware that, despite the performance savings server designers must be aware that, despite the performance savings
they might realize in using an estimate, this practice will cause they might realize in using an estimate, this practice will cause
some clients to fail in various ways. If possible, the server SHOULD some clients to fail in various ways. If possible, the server SHOULD
compute the RFC822.SIZE for a particular message once, and then save compute the RFC822.SIZE for a particular message once, and then save
it for later retrieval. If that's not possible, the server MUST it for later retrieval. If that's not possible, the server MUST
compute the value exactly every time. Incorrect estimates do cause compute the value exactly every time. Incorrect estimates do cause
severe interoperability problems with some clients. severe interoperability problems with some clients.
3.4.6. Expunged Messages 3.4.6. Expunged Messages
If the server allows multiple connections to the same mailbox, it is If the server allows multiple connections to the same mailbox, it is
Internet DRAFT Implementation Recommendations September 1997
often possible for messages to be expunged in one client unbeknownst often possible for messages to be expunged in one client unbeknownst
to another client. Since the server is not allowed to tell the to another client. Since the server is not allowed to tell the
client about these expunged messages in response to a FETCH command, client about these expunged messages in response to a FETCH command,
the server may have to deal with the issue of how to return the server may have to deal with the issue of how to return
information about an expunged message. There was extensive information about an expunged message. There was extensive
discussion about this issue, and the results of that discussion are discussion about this issue, and the results of that discussion are
summarized in [RFC-2180]. See that reference for a detailed summarized in [RFC-2180]. See that reference for a detailed
explanation and for recommendations. explanation and for recommendations.
3.4.7. The Namespace Issue 3.4.7. The Namespace Issue
skipping to change at page 14, line 4 skipping to change at page 15, line 41
(See also "Reference Names in the LIST Command" below.) (See also "Reference Names in the LIST Command" below.)
3.4.8. Creating Special-Use Mailboxes 3.4.8. Creating Special-Use Mailboxes
It may seem at first that this is part of the namespace issue; it is It may seem at first that this is part of the namespace issue; it is
not, and is only indirectly related to it. A number of clients like not, and is only indirectly related to it. A number of clients like
to create special-use mailboxes with particular names. Most to create special-use mailboxes with particular names. Most
commonly, clients with a "trash folder" model of message deletion commonly, clients with a "trash folder" model of message deletion
want to create a mailbox with the name "Trash" or "Deleted". Some want to create a mailbox with the name "Trash" or "Deleted". Some
clients want to create a "Drafts" mailbox, an "Outbox" mailbox, or a clients want to create a "Drafts" mailbox, an "Outbox" mailbox, or a
Internet DRAFT Implementation Recommendations September 1997
"Sent Mail" mailbox. And so on. There are two major "Sent Mail" mailbox. And so on. There are two major
interoperability problems with this practice: interoperability problems with this practice:
1. different clients may use different names for mailboxes with 1. different clients may use different names for mailboxes with
similar functions (such as "Trash" and "Deleted"), or may manage the similar functions (such as "Trash" and "Deleted"), or may manage the
same mailboxes in different ways, causing problems if a user switches same mailboxes in different ways, causing problems if a user switches
between clients and between clients and
2. there is no guarantee that the server will allow the creation of 2. there is no guarantee that the server will allow the creation of
the desired mailbox. the desired mailbox.
The client developer is, therefore, well advised to consider The client developer is, therefore, well advised to consider
carefully the creation of any special-use mailboxes on the server, carefully the creation of any special-use mailboxes on the server,
and, further, the client MUST NOT require such mailbox creation - and, further, the client MUST NOT require such mailbox creation -
that is, if you do decide to do this, you MUST handle gracefully the that is, if you do decide to do this, you MUST handle gracefully the
Internet DRAFT Implementation Recommendations September 1997
failure of the CREATE command and behave reasonably when your failure of the CREATE command and behave reasonably when your
special-use mailboxes do not exist and can not be created. special-use mailboxes do not exist and can not be created.
In addition, the client developer SHOULD provide a convenient way for In addition, the client developer SHOULD provide a convenient way for
the user to select the names for any special-use mailboxes, allowing the user to select the names for any special-use mailboxes, allowing
the user to make these names the same in all clients s/he uses and to the user to make these names the same in all clients s/he uses and to
put them where s/he wants them. put them where s/he wants them.
3.4.9. Reference Names in the LIST Command 3.4.9. Reference Names in the LIST Command
skipping to change at page 15, line 5 skipping to change at page 16, line 43
in those configurations. Second, while some IMAP servers expose the in those configurations. Second, while some IMAP servers expose the
underlying file system to the clients, others allow access only to underlying file system to the clients, others allow access only to
the user's personal mailboxes, or to some other limited set of files, the user's personal mailboxes, or to some other limited set of files,
making such file-system-like semantics less meaningful. Third, making such file-system-like semantics less meaningful. Third,
because the IMAP spec leaves the interpretation of the reference name because the IMAP spec leaves the interpretation of the reference name
as "implementation-dependent", the various server implementations as "implementation-dependent", the various server implementations
handle it in vastly differing ways, and fourth, many implementers handle it in vastly differing ways, and fourth, many implementers
simply do not understand it and misuse it, do not use it, or ignore simply do not understand it and misuse it, do not use it, or ignore
it as a result. it as a result.
Internet DRAFT Implementation Recommendations September 1997
The following statement gets somewhat into the religious issues that The following statement gets somewhat into the religious issues that
we've tried to avoid scrupulously here; so be it: because of the we've tried to avoid scrupulously here; so be it: because of the
confusion around the reference name, its use by a client is a confusion around the reference name, its use by a client is a
dangerous thing, prone to result in interoperability problems. There dangerous thing, prone to result in interoperability problems. There
are servers that interpret it as originally intended; there are are servers that interpret it as originally intended; there are
servers that ignore it completely; there are servers that simply servers that ignore it completely; there are servers that simply
prepend it to the mailbox name (with or without inserting a hierarchy prepend it to the mailbox name (with or without inserting a hierarchy
delimiter in between). Because a client can't know which of these delimiter in between). Because a client can't know which of these
four behaviours to expect, a client SHOULD NOT use a reference name four behaviours to expect, a client SHOULD NOT use a reference name
itself, expecting a particular server behavior. However, a client itself, expecting a particular server behavior. However, a client
SHOULD permit a USER, by configuration, to use a reference name. SHOULD permit a USER, by configuration, to use a reference name.
Internet DRAFT Implementation Recommendations September 1997
There is in no way universal agreement about the use or non-use of There is in no way universal agreement about the use or non-use of
the reference name. The last words here are, "Be aware." the reference name. The last words here are, "Be aware."
3.4.10. Deleting Mailboxes
The protocol does not guarantee that a client may delete a mailbox
that is not empty, though on some servers it is permissible and is,
in fact, much faster than the alternative or deleting all the
messages from the client. If the client chooses to try to take
advantage of this possibility it MUST be prepared to use the other
method in the even that the more convenient one fails. Further, a
client SHOULD NOT try to delete the mailbox that it has selected, but
should first close that mailbox; some servers do not permit the
deletion of the selected mailbox.
Example:
[User tells the client to delete mailbox BANANA, which is
currently selected...]
C: 008 CLOSE
S: 008 OK done
C: 009 DELETE BANANA
S: 009 NO Delete failed; mailbox is not empty.
C: 010 SELECT BANANA
S: * ... untagged SELECT responses
S: 010 OK done
C: 011 STORE 1:* +FLAGS.SILENT \DELETED
S: 011 OK done
C: 012 CLOSE
S: 012 OK done
C: 013 DELETE BANANA
S: 013 OK done
3.5. A Word About Testing 3.5. A Word About Testing
Since the whole point of IMAP is interoperability, and since Since the whole point of IMAP is interoperability, and since
interoperability can not be tested in a vacuum, the final interoperability can not be tested in a vacuum, the final
recommendation of this treatise is, "Test against EVERYTHING." Test recommendation of this treatise is, "Test against EVERYTHING." Test
your client against every server you can get an account on. Test your client against every server you can get an account on. Test
your server with every client you can get your hands on. Many your server with every client you can get your hands on. Many
clients make limited test versions available on the Web for the clients make limited test versions available on the Web for the
downloading. Many server owners will give serious client developers downloading. Many server owners will give serious client developers
guest accounts for testing. Contact them and ask. NEVER assume that guest accounts for testing. Contact them and ask. NEVER assume that
because your client works with one or two servers, or because your because your client works with one or two servers, or because your
server does fine with one or two clients, you will interoperate well server does fine with one or two clients, you will interoperate well
in general. in general.
In particular, in addition to everything else, be sure to test In particular, in addition to everything else, be sure to test
Internet DRAFT Implementation Recommendations September 1997
against the reference implementations: the PINE client, the against the reference implementations: the PINE client, the
University of Washington server, and the Cyrus server. University of Washington server, and the Cyrus server.
See the following URLs on the web for more information here: See the following URLs on the web for more information here:
IMAP Products and Sources: http://www.imap.org/products.html IMAP Products and Sources: http://www.imap.org/products.html
IMC MailConnect: http://www.imc.org/imc-mailconnect IMC MailConnect: http://www.imc.org/imc-mailconnect
4. Security Considerations 4. Security Considerations
This document describes behaviour of clients and servers that use the This document describes behaviour of clients and servers that use the
IMAP4 protocol, and as such, has the same security considerations as IMAP4 protocol, and as such, has the same security considerations as
described in [RFC-2060]. described in [RFC-2060].
Internet DRAFT Implementation Recommendations September 1997
5. References 5. References
[RFC-2060], Crispin, M., "Internet Message Access Protocol - Version [RFC-2060], Crispin, M., "Internet Message Access Protocol - Version
4rev1", RFC 2060, University of Washington, December 1996. 4rev1", RFC 2060, University of Washington, December 1996.
[RFC-2119], Bradner, S., "Key words for use in RFCs to Indicate [RFC-2119], Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, Harvard University, March 1997. Requirement Levels", RFC 2119, Harvard University, March 1997.
[RFC-2180], Gahrns, M., "IMAP4 Multi-Accessed Mailbox Practice", RFC [RFC-2180], Gahrns, M., "IMAP4 Multi-Accessed Mailbox Practice", RFC
2180, Microsoft, July 1997. 2180, Microsoft, July 1997.
 End of changes. 39 change blocks. 
43 lines changed or deleted 176 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/