The Internet Message Access Protocol Version 4 (IMAP4)

This Internet email protocol was also developed many years ago, but has been gaining wide adoption only in the past five years. Like POP3, users can download email messages from an IMAP server. However, it is also possible to leave the messages on the server. You can download a list of header information (such as the sender, subject line, and date of the email) and decide which messages you want to read. The messages still reside on the server. You do not have to download them to your workstation. Similar to the way in which POP3 email clients function, you can also create folders on the IMAP server so that you can organize your email. When using POP3 or IMAP, you can also create local folders that are stored on your computer's hard drive.

Storing email messages on a central server enables a system administrator to create backups of the email databasereducing the worry of accidentally deleting a message after you download it from an SMTP server. Provided that the message was put to backup before you deleted it on an IMAP server, it can be restored from the backup. Another benefit for the network administrator is that it is easy to enforce limits on the number of messages that can accumulate in a user's mailbox, and automatically delete older messages. Of course, a good administrator will first send out an email to users approaching their limit to inform them.

Perhaps a more important feature that is useful to the end user is that you can access your email from more than one location. For example, you can read email at work or from home, and it will appear the same. This can be useful for mobile users who are away from the office. Using POP3, messages that are downloaded to your workstation may no longer be available on the SMTP server. IMAP will store the messages on a central server so that you can access them from any location that allows a connection to your network, such as through a VPN or an authenticated Web-based client. You can read messages while on the road and still have them to download to your mail client back at your office when you return. The alternative, when using a POP3 client, is that you have to extract the messages from your client software on your laptop and then import them into the client software on your desktop computer.

Note

Although most POP3 clients adhere to the RFC standard, there is a loophole in the standard that can be used to leave messages on the server, in a manner similar to IMAP. This is not the intention of the design of POP3 clients, however.

Of course, the end user can also delete messages from the IMAP server via client software if they are no longer needed.

Note

IMAP is a client protocol, like POP3. When IMAP is used, the SMTP protocol is still used to send email messages. IMAP is used only to view, delete, rename, or download messages from the central IMAP server.

Transport Protocols

IMAP is an application protocol. As with POP3 and SMTP, the underlying transport protocol is TCP/IP. The IMAP server listens on port 143 for requests from IMAP clients. The mechanism for receiving data is also similar to SMTP. Lines of data (text or other data) are used, and each line is terminated by the <CRLF> sequence.

Client Commands

Each command sent by the client application begins with a tag. Each tag consists of a string of characters followed by the line of text. A tag consists of the unique identifier of the command or the message sequence number. This allows the client and server to keep track of which requests and responses are being sent or acknowledged. Either of the following may be part of the tag:

• Unique Identifiers (UIDs) These usually exist across sessions between the client and the IMAP server. Thus, these numbers are not assigned in a sequential manner; however, they should be assigned in an ascending order should they change.

• Message Sequence Number Each message in the user's mailbox is assigned a message sequence number, starting with the number one, so that each message is uniquely identified in the mailbox of that user by this number. When messages are deleted, the message sequence number for those messages that follow the deleted message are reassigned to maintain a contiguous numerical ascending order.

Note

There are two exceptions to the rule that a client command code is not followed by text that consists of a complete command. The first is one that sends an octet count. An octet is just another way of saying a byte of information.

The second situation involves authentication. In this case, a response is required from the server before the command sequence can be completed.

System Flags

The IMAP server also maintains a set of flags that tell it the status of each email message. All system flags begin with a backslash (\). These are the common system flags:

• \Seen The message has been read by the client software application.

• \Answered The message has been sent an answer by the client software.

• \Flagged The message has been marked for some type of action, such as deletion, urgency, or special attention.

• \Deleted The message has been marked for deletion by the function called expunge.

• \Draft The message has not been finished and is flagged as a "draft" message so that you can save it and complete it later.

• \Recent The message is new to the current session. If more than one session is opened by client software, this flag may not be seen by all client software applications.

Retrieving the Message Header and Body of the Message

Because IMAP must interact with SMTP, it recognizes the SMTP envelope, which consists of the header information and data stored in the email message. There are several states that the protocol goes through when interacting with the IMAP server.

The selected state means that a mailbox has been selected. The logout state indicates that the connection is to be terminated by either the client or the server.

Data Formatting

Although all transfers occur in text format, similar to SMTP, there are several forms of data that can be used with commands/responses that are exchanged between the client and the server of the IMAP computers:

• Atom One or more special characters.

• Number One or more numerical digits.

• String Two versions of this type are used:

  • A literal string consists of a sequence of zero or more string ASCII characters. The literal string is prefixed with a number (enclosed in braces {}) that indicate the number of characters to follow. The literal string includes the <CRLF> characters. An empty literal string is represented as {0}<CRLF>.

  • A quoted string is a string of characters made up of zero or more 7-bit characters, not including the <CRLF> characters. The string of characters contains a quote character (") at the start and end of the string as a delimiter of the string. Thus, no count of characters is required. An empty quoted string is represented as "".

• 8-bit binary text This type of data uses MIME (Multi-Purpose Internet Mail Extensions) that transfers encoding using 8-bit encoding.

• Parenthesized list A sequence of data structures, each delimited by a space character, and surrounded by the parentheses characters ( and ). An empty list is represented as ().

In addition, the NIL data type is a special type of the atom data type which indicates that a data type is nonexistent. This is used to differentiate between the null string "" and the null parenthesized list ().

The User's Inbox and Other Mailbox Naming

Most mailbox names used by IMAP4 depend on the particular IMAP implementation. The Inbox is a reserved term used to designate the incoming mail (inbox) of a user.

Other mailbox names start with the pound (#) character.

Note

Other characters than # are used for foreign implementations of the mailbox character.

Universal Commands

Clients may also send the following commands:

• Capability This command starts with the AUTH command to determine whether the server can use a particular authentication method.

• NOOP (No Operation) Generally does nothing. This command can be used to poll the server to update the client's listing to see whether any new messages are available, or to reset a time after which the client will be logged off the server. In other words, it's an "I'm still here" type of command.

• LOGOUT This tells the server that the client software is finished and the connection should be closed.

Other IMAP Commands Non-Authenticated Commands

In addition to the commands listed earlier in this chapter concerning IMAP, the following commands are used before the user has been authenticated to the server. These are the commands that are indeed used during the initial authentication process.

• AUTHENTICATE Is followed by the name of an authentication mechanism, and the server can ask for additional data for the authentication. The server can then accept or reject the client's logon. The server can also reject this command if it does not support the method of authentication requested by the server. Subsequent communications between the client and the server depend on the method of authentication chosen.

• LOGIN Sends the user's name and password in clear text without using any encryption mechanism, such as LOGON OGLETREE ZIRA. In an environment where security is important, the AUTHENTICATION command should be used to select a more secure mechanism.

Authenticated Commands

These commands can be used after the client has authenticated itself to the server:

• SELECT Is used to select the mailbox. The server can respond that the mailbox exists and, if so, can indicate the number of recent messages, and any flags defined in the mailbox (such as urgent).

• EXAMINE Is nearly identical to the SELECT command, except that the mailbox is available for read-only access.

• CREATE Is used to create a new mailbox.

• DELETE Is used to delete a mailbox.

• RENAME Renames an existing mailbox.

• SUBSCRIBE Is used to subscribe to a newsgroup, such as pets.cats.zira.

• UNSUBSCRIBE You guessed itis used to unsubscribe from a newsgroup.

• LIST Lists the contents of a mailbox (mail or newsgroup).

• LSUB Returns a list of names for newsgroup lists the user has subscribed to, even if they no longer exist.

• STATUS Obtains the status of the mailbox. Replies can include MESSAGES (number of messages in the mailbox), RECENT (number of messages in the mailbox with the \Recent flag set), UIDNEXT (the value of the unique identifier, UID, that will be assigned to the next message received), or UIDVALIDITY (the unique identifier validity value of the mailbox).

• APPEND Adds a new message to another mailbox.

• CLOSE Removes messages that have the /Deleted flag set, unless the mailbox was opened with EXAMINE or is in a read-only state.

• EXPUNGE Permanently removes messages with the /Deleted flag set.

• SEARCH Searches a mailbox for messages per criteria set by the client. A large number of criteria can be used, which can be obtained by reading RFC 2060.

• FETCH Obtains all or part of a message (such as the header or body of text of the message) for the client to read.

• STORE Alters data that is part of a message in a mailbox.

• COPY Copies a message to the end of a destination mailbox.

The responses sent by the server to the client will depend on the particular command in this list, and the list is quite lengthy. As with the SEARCH command, the reader is encouraged to read RFC 2060. This chapter was designed to give you an idea of how a client interacts with the server to get or manipulate messages stored on the server.

Caution

The definition of an open email relay is almost self-explanatory and should not be allowed. As you already know, a relay takes email and sends it to another location. Spammers can use your relay if it's left open to send email back and forth (utilizing your resources) to send out bulk or spam related email to unintended recipients.

Because the open mail relay is used without your knowledge, it's known to be "open." Open relays are commonly blacklisted, and until the open relay is closed, no other email server will operate with it.

You can learn more about open relays at the open relay database online at http://ordb.org/faq.