Internet Message Access Protocol (IMAP) - Version 4rev2Isode Ltd14 Castle MewsHamptonMiddlesexTW12 2NPUKAlexey.Melnikov@isode.comFuturewei Technologies+1 646 827 0648barryleiba@computer.orghttp://internetmessagingtechnology.org/
Applications and RealTime
The Internet Message Access Protocol, Version 4rev2 (IMAP4rev2)
allows a client to access and manipulate electronic mail messages on
a server. IMAP4rev2 permits manipulation of mailboxes (remote
message folders) in a way that is functionally equivalent to local
folders. IMAP4rev2 also provides the capability for an offline
client to resynchronize with the server.
IMAP4rev2 includes operations for creating, deleting, and renaming
mailboxes, checking for new messages, permanently removing messages,
setting and clearing flags, RFC 5322, RFC 2045 and RFC 2231 parsing, searching,
and selective fetching of message attributes, texts, and portions
thereof. Messages in IMAP4rev2 are accessed by the use of numbers.
These numbers are either message sequence numbers or unique
identifiers.
IMAP4rev2 does not specify a means of posting mail; this function is
handled by a mail submission protocol such as RFC 6409.
This document is written from the point of view of the implementor of
an IMAP4rev2 client or server. Beyond the protocol overview in
section 2, it is not optimized for someone trying to understand the
operation of the protocol. The material in sections 3 through 5
provides the general context and definitions with which IMAP4rev2
operates.
Sections 6, 7, and 9 describe the IMAP commands, responses, and
syntax, respectively. The relationships among these are such that it
is almost impossible to understand any of them separately. In
particular, do not attempt to deduce command syntax from the command
section alone; instead refer to the Formal Syntax section.
"Conventions" are basic principles or procedures. Document
conventions are noted in this section.
In examples, "C:" and "S:" indicate lines sent by the client and
server respectively.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
The word "can" (not "may") is used to refer to a possible
circumstance or situation, as opposed to an optional facility of the
protocol.
"User" is used to refer to a human user, whereas "client" refers to
the software being run by the user.
"Connection" refers to the entire sequence of client/server
interaction from the initial establishment of the network connection
until its termination.
"Session" refers to the sequence of client/server interaction from
the time that a mailbox is selected (SELECT or EXAMINE command) until
the time that selection ends (SELECT or EXAMINE of another mailbox,
CLOSE command, UNSELECT command, or connection termination).
Characters are 8-bit UTF-8 (of which 7-bit US-ASCII is a subset) unless otherwise specified. Other
character sets are indicated using a "CHARSET", as described in
and defined in . CHARSETs have important
additional semantics in addition to defining character set; refer to
these documents for more detail.
There are several protocol conventions in IMAP. These refer to
aspects of the specification which are not strictly part of the IMAP
protocol, but reflect generally-accepted practice. Implementations
need to be aware of these conventions, and avoid conflicts whether or
not they implement the convention. For example, "&" may not be used
as a hierarchy delimiter since it conflicts with the Mailbox
International Naming Convention, and other uses of "&" in mailbox
names are impacted as well.
Implementors of the IMAP protocol are strongly encouraged to read the
IMAP implementation recommendations document in
conjunction with this document, to help understand the intricacies of
this protocol and how best to build an interoperable product.
IMAP4rev2 is designed to be upwards compatible from the and
unpublished IMAP2bis protocols. IMAP4rev2 is largely compatible with
the IMAP4rev1 protocol described in RFC 3501 and
the IMAP4 protocol described in RFC 1730; the exception being in
certain facilities added in RFC 1730 that proved problematic and were
subsequently removed. In the course of the evolution of IMAP4rev2,
some aspects in the earlier protocols have become obsolete.
Obsolete commands, responses, and data formats which an IMAP4rev2
implementation can encounter when used with an earlier implementation
are described in and
.
Other compatibility issues with IMAP2bis, the most common variant of
the earlier protocol, are discussed in . A full
discussion of compatibility issues with rare (and presumed extinct)
variants of is in ; this document is
primarily of historical interest.
IMAP was originally developed for the older standard, and
as a consequence several fetch items in IMAP incorporate "RFC822" in
their name. In all cases, "RFC822" should be interpreted as a
reference to the updated standard.
The IMAP4rev2 protocol assumes a reliable data stream such as that
provided by TCP. When TCP is used, an IMAP4rev2 server listens on
port 143 or port 993 (IMAP-over-TLS).
An IMAP4rev2 connection consists of the establishment of a
client/server network connection, an initial greeting from the
server, and client/server interactions. These client/server
interactions consist of a client command, server data, and a server
completion result response.
All interactions transmitted by client and server are in the form of
lines, that is, strings that end with a CRLF. The protocol receiver
of an IMAP4rev2 client or server is either reading a line, or is
reading a sequence of octets with a known count followed by a line.
The client command begins an operation. Each client command is
prefixed with an identifier (typically a short alphanumeric string,
e.g., A0001, A0002, etc.) called a "tag". A different tag is
generated by the client for each command.
(More formally: the client SHOULD generate a unique tag for every command,
but a server MUST accept tag reuse.)
Clients MUST follow the syntax outlined in this specification
strictly. It is a syntax error to send a command with missing or
extraneous spaces or arguments.
There are two cases in which a line from the client does not
represent a complete command. In one case, a command argument is
quoted with an octet count (see the description of literal in String
under Data Formats); in the other case, the command arguments require
server feedback (see the AUTHENTICATE command). In either case, the
server sends a command continuation request response if it is ready
for the octets (if appropriate) and the remainder of the command.
This response is prefixed with the token "+".
Note: If instead, the server detected an error in the
command, it sends a BAD completion response with a tag
matching the command (as described below) to reject the
command and prevent the client from sending any more of the
command.
It is also possible for the server to send a completion
response for some other command (if multiple commands are
in progress), or untagged data. In either case, the
command continuation request is still pending; the client
takes the appropriate action for the response, and reads
another response from the server. In all cases, the client
MUST send a complete command (including receiving all
command continuation request responses and command
continuations for the command) before initiating a new
command.
The protocol receiver of an IMAP4rev2 server reads a command line
from the client, parses the command and its arguments, and transmits
server data and a server command completion result response.
Data transmitted by the server to the client and status responses
that do not indicate command completion are prefixed with the token
"*", and are called untagged responses.
Server data MAY be sent as a result of a client command, or MAY be
sent unilaterally by the server. There is no syntactic difference
between server data that resulted from a specific command and server
data that were sent unilaterally.
The server completion result response indicates the success or
failure of the operation. It is tagged with the same tag as the
client command which began the operation. Thus, if more than one
command is in progress, the tag in a server completion response
identifies the command to which the response applies. There are
three possible server completion responses: OK (indicating success),
NO (indicating failure), or BAD (indicating a protocol error such as
unrecognized command or command syntax error).
Servers SHOULD enforce the syntax outlined in this specification
strictly. Any client command with a protocol syntax error, including
(but not limited to) missing or extraneous spaces or arguments,
SHOULD be rejected, and the client given a BAD server completion
response.
The protocol receiver of an IMAP4rev2 client reads a response line
from the server. It then takes action on the response based upon the
first token of the response, which can be a tag, a "*", or a "+".
A client MUST be prepared to accept any server response at all times.
This includes server data that was not requested. Server data SHOULD
be recorded, so that the client can reference its recorded copy
rather than sending a command to the server to request the data. In
the case of certain server data, the data MUST be recorded.
This topic is discussed in greater detail in the Server Responses
section.
In addition to message text, each message has several attributes
associated with it. These attributes can be retrieved individually
or in conjunction with other attributes or message texts.
Messages in IMAP4rev2 are accessed by one of two numbers; the unique
identifier or the message sequence number.
An unsigned non-zero 32-bit value assigned to each message, which when used with the
unique identifier validity value (see below) forms a 64-bit value
that MUST NOT refer to any other message in the mailbox or any
subsequent mailbox with the same name forever. Unique identifiers
are assigned in a strictly ascending fashion in the mailbox; as each
message is added to the mailbox it is assigned a higher UID than the
message(s) which were added previously. Unlike message sequence
numbers, unique identifiers are not necessarily contiguous.
The unique identifier of a message MUST NOT change during the
session, and SHOULD NOT change between sessions. Any change of
unique identifiers between sessions MUST be detectable using the
UIDVALIDITY mechanism discussed below. Persistent unique identifiers
are required for a client to resynchronize its state from a previous
session with the server (e.g., disconnected or offline access
clients ); this is discussed further in .
Associated with every mailbox are two 32-bit unsigned non-zero values which aid in unique
identifier handling: the next unique identifier value (UIDNEXT) and the unique
identifier validity value (UIDVALIDITY).
The next unique identifier value is the predicted value that will be
assigned to a new message in the mailbox. Unless the unique
identifier validity also changes (see below), the next unique
identifier value MUST have the following two characteristics. First,
the next unique identifier value MUST NOT change unless new messages
are added to the mailbox; and second, the next unique identifier
value MUST change whenever new messages are added to the mailbox,
even if those new messages are subsequently expunged.
Note: The next unique identifier value is intended to
provide a means for a client to determine whether any
messages have been delivered to the mailbox since the
previous time it checked this value. It is not intended to
provide any guarantee that any message will have this
unique identifier. A client can only assume, at the time
that it obtains the next unique identifier value, that
messages arriving after that time will have a UID greater
than or equal to that value.
The unique identifier validity value is sent in a UIDVALIDITY
response code in an OK untagged response at mailbox selection time.
If unique identifiers from an earlier session fail to persist in this
session, the unique identifier validity value MUST be greater than
the one used in the earlier session.
A good UIDVALIDITY value to use
is a 32-bit representation of the current date/time when the value
is assigned: this ensures that the value is unique and always
increases. Another possible alternative is a global counter
that gets incremented every time a mailbox is created.
Note: Ideally, unique identifiers SHOULD persist at all
times. Although this specification recognizes that failure
to persist can be unavoidable in certain server
environments, it STRONGLY ENCOURAGES message store
implementation techniques that avoid this problem. For
example:
Unique identifiers MUST be strictly ascending in the
mailbox at all times. If the physical message store is
re-ordered by a non-IMAP agent, this requires that the
unique identifiers in the mailbox be regenerated, since
the former unique identifiers are no longer strictly
ascending as a result of the re-ordering.
If the message store has no mechanism to store unique
identifiers, it must regenerate unique identifiers at
each session, and each session must have a unique
UIDVALIDITY value.
If the mailbox is deleted/renamed and a new mailbox with the
same name is created at a later date, the server must
either keep track of unique identifiers from the
previous instance of the mailbox, or it must assign a
new UIDVALIDITY value to the new instance of the
mailbox.
The combination of mailbox name, UIDVALIDITY, and UID
must refer to a single immutable (or expunged) message on that server
forever. In particular, the internal date,
size, envelope, body structure, and message texts
(all BODY[...] fetch data items) must never change. This does not
include message numbers, nor does it include attributes
that can be set by a STORE command (e.g., FLAGS). When a message
is expunged, its UID MUST NOT be reused under the same
UIDVALIDITY value.
A relative position from 1 to the number of messages in the mailbox.
This position MUST be ordered by ascending unique identifier. As
each new message is added, it is assigned a message sequence number
that is 1 higher than the number of messages in the mailbox before
that new message was added.
Message sequence numbers can be reassigned during the session. For
example, when a message is permanently removed (expunged) from the
mailbox, the message sequence number for all subsequent messages is
decremented. The number of messages in the mailbox is also
decremented. Similarly, a new message can be assigned a message
sequence number that was once held by some other message prior to an
expunge.
In addition to accessing messages by relative position in the
mailbox, message sequence numbers can be used in mathematical
calculations. For example, if an untagged "11 EXISTS" is received,
and previously an untagged "8 EXISTS" was received, three new
messages have arrived with message sequence numbers of 9, 10, and 11.
Another example, if message 287 in a 523 message mailbox has UID
12345, there are exactly 286 messages which have lesser UIDs and 236
messages which have greater UIDs.
A list of zero or more named tokens associated with the message. A
flag is set by its addition to this list, and is cleared by its
removal. There are two types of flags in IMAP4rev2. A flag of
either type can be permanent or session-only.
A system flag is a flag name that is pre-defined in this
specification and begin with "\".
Certain system flags (\Deleted and \Seen) have special semantics described
elsewhere in this document. The currently-defined system flags are:
Message has been read
Message has been answered
Message is "flagged" for urgent/special attention
Message is "deleted" for removal by later EXPUNGE
Message has not completed composition (marked as a draft).
This flag was in used in IMAP4rev1 and is now deprecated.
A keyword is defined by the server implementation. Keywords do not
begin with "\". Servers MAY permit the client to define new keywords
in the mailbox (see the description of the PERMANENTFLAGS response
code for more information). Some keywords that start with "$"
are also defined in this specification.
This document defines several keywords that were not originally defined
in RFC 3501, but which were found to be useful by client implementations.
These keywords SHOULD be supported (i.e. allowed in SEARCH, allowed and preserved in APPEND, COPY, MOVE commands)
by server implementations:
Message has been forwarded to another email address,
embedded within or attached to a new message. An email client
sets this keyword when it successfully forwards the message to
another email address. Typical usage of this keyword is to show a
different (or additional) icon for a message that has been forwarded.
Once set, the flag SHOULD NOT be cleared.
Message Disposition Notification was generated and sent for this message.
See for more details on how this keyword is used.
The user (or a delivery agent on behalf of the user) may choose to mark a message as definitely
containing junk ($Junk; see also the related keyword $NotJunk). The $Junk keyword
can be used to mark (and potentially move/delete messages later), group or hide undesirable messages.
See for more information.
The user (or a delivery agent on behalf of the user) may choose to mark a message as definitely
not containing junk ($NotJunk; see also the related keyword $Junk). The $NotJunk keyword
can be used to mark, group or show messages that the user wants to see.
See for more information.
The $Phishing keyword can be used by a delivery agent to mark a message
as highly likely to be a phishing email. An email that’s determined to
be a phishing email by the delivery agent should also be considered a
junk email and have the appropriate junk filtering applied, including
setting the $Junk flag and placing in the \Junk special-use mailbox (see )
if available.
If both the $Phishing flag and the $Junk flag are set, the user agent
should display an additional warning message to the user. User agents
should not use the term "phishing" in their warning message as most
users do not understand this term. Phrasing of the form "this message
may be trying to steal your personal information" is recommended.
Additionally the user agent may display a warning when clicking on any
hyperlinks within the message.
The requirement for both $Phishing and $Junk to be set before a user
agent displays a warning is for better backwards compatibility with
existing clients that understand the $Junk flag but not the $Phishing
flag. This so that when an unextended client removes the $Junk flag, an
extended client will also show the correct state.
See for more information.
$Junk and $NotJunk are mutually exclusive. If more than one of
them is set for a message, the client MUST treat this as if
none of them is set and SHOULD unset both of them on the IMAP
server.
Other registered keywords can be found in the "IMAP and JMAP Keywords" registry .
New keywords SHOULD be registered in this registry using the procedure specified in .
A flag can be permanent or session-only on a per-flag basis.
Permanent flags are those which the client can add or remove from the
message flags permanently; that is, concurrent and subsequent
sessions will see any change in permanent flags. Changes to session
flags are valid only in that session.
The internal date and time of the message on the server. This
is not the date and time in the header, but rather a
date and time which reflects when the message was received. In
the case of messages delivered via , this SHOULD be the
date and time of final delivery of the message as defined by
. In the case of messages delivered by the IMAP4rev2 COPY or MOVE
command, this SHOULD be the internal date and time of the source
message. In the case of messages delivered by the IMAP4rev2
APPEND command, this SHOULD be the date and time as specified in
the APPEND command description. All other cases are
implementation defined.
The number of octets in the message, as expressed in
format.
A parsed representation of the header of the message.
Note that the IMAP Envelope structure is not the same as an
envelope.
A parsed representation of the body structure
information of the message.
In addition to being able to fetch the full text of a
message, IMAP4rev2 permits the fetching of portions of the full
message text. Specifically, it is possible to fetch the
message header, message body, a
body part, or a header.
Once the connection between client and server is established, an
IMAP4rev2 connection is in one of four states. The initial
state is identified in the server greeting. Most commands are
only valid in certain states. It is a protocol error for the
client to attempt a command while the connection is in an
inappropriate state, and the server will respond with a BAD or
NO (depending upon server implementation) command completion
result.
In the not authenticated state, the client MUST supply
authentication credentials before most commands will be
permitted. This state is entered when a connection starts
unless the connection has been pre-authenticated.
In the authenticated state, the client is authenticated and MUST
select a mailbox to access before commands that affect messages
will be permitted. This state is entered when a
pre-authenticated connection starts, when acceptable
authentication credentials have been provided, after an error in
selecting a mailbox, or after a successful CLOSE command.
In a selected state, a mailbox has been selected to access.
This state is entered when a mailbox has been successfully
selected.
In the logout state, the connection is being terminated. This
state can be entered as a result of a client request (via the
LOGOUT command) or by unilateral action on the part of either
the client or server.
If the client requests the logout state, the server MUST send an
untagged BYE response and a tagged OK response to the LOGOUT
command before the server closes the connection; and the client
MUST read the tagged OK response to the LOGOUT command before
the client closes the connection.
A server SHOULD NOT unilaterally close the connection without
sending an untagged BYE response that contains the reason for
having done so. A client SHOULD NOT unilaterally close the
connection, and instead SHOULD issue a LOGOUT command. If the
server detects that the client has unilaterally closed the
connection, the server MAY omit the untagged BYE response and
simply close its connection.
IMAP4rev2 uses textual commands and responses. Data in
IMAP4rev2 can be in one of several forms: atom, number, string,
parenthesized list, or NIL. Note that a particular data item
may take more than one form; for example, a data item defined as
using "astring" syntax may be either an atom or a string.
An atom consists of one or more non-special characters.
A set of messages can be referenced by a sequence set containing either
message sequence numbers or unique identifiers. See for details.
Sequence sets can contain ranges (e.g. "5:50"), an enumeration of specific message/UID numbers,
a special symbol "*", or a combination of the above.
A "UID set" is similar to the sequence set of unique identifiers; however, the "*"
value for a sequence number is not permitted.
A number consists of one or more digit characters, and
represents a numeric value.
A string is in one of three forms: synchonizing literal, non-synchronizing literal or quoted
string. The synchronizing literal form is the general form of string.
The non-synchronizing literal form is also the general form, but has length limitation. The
quoted string form is an alternative that avoids the overhead of
processing a literal at the cost of limitations of characters
which may be used.
When the distinction between synchronizing and non-synchronizing literals is not important,
this document just uses the term "literal".
A synchronizing literal is a sequence of zero or more octets (including CR and
LF), prefix-quoted with an octet count in the form of an open
brace ("{"), the number of octets, close brace ("}"), and CRLF.
In the case of synchronizing literals transmitted from server to client, the
CRLF is immediately followed by the octet data. In the case of
synchronizing literals transmitted from client to server, the client MUST wait
to receive a command continuation request (described later in
this document) before sending the octet data (and the remainder
of the command).
The non-synchronizing literal is an alternate form of synchronizing
literal, and it may appear in communication from client to server
instead of the synchonizing form of literal. The non-synchronizing literal form
MUST NOT be sent from server to client.
The non-synchronizing literal is distinguished from the synchronizing literal
by having a plus ("+") between the octet count
and the closing brace ("}"). The server does not generate a command
continuation request in response to a non-synchronizing literal, and
clients are not required to wait before sending the octets of a non-
synchronizing literal. Non-synchronizing literals MUST NOT be larger than 4096 octets.
Any literal larger than 4096 bytes MUST be sent as a synchronizing literal.
(Non-synchronizing literals defined in this document are the same as
non-synchronizing literals defined by the LITERAL- extension from .
See that document for details on how to handle invalid non-synchronizing literals
longer than 4096 octets and for interaction with other IMAP extensions.)
A quoted string is a sequence of zero or more Unicode characters,
excluding CR and LF, encoded in UTF-8, with double quote (<">) characters at each
end.
The empty string is represented as "" (a quoted string
with zero characters between double quotes), as {0} followed
by CRLF (a synchronizing literal with an octet count of 0) or
as {0+} followed by CRLF (a non-synchronizing literal with an octet count of 0).
Note: Even if the octet count is 0, a client transmitting a
synchronizing literal MUST wait to receive a command continuation request.
8-bit textual and binary mail is supported through the use of a
content transfer encoding. IMAP4rev2 implementations MAY
transmit 8-bit or multi-octet characters in literals, but SHOULD do
so only when the is identified.
IMAP4rev2 is compatible with . As a result,
the identified charset for header-field values with 8-bit content is
UTF-8 . IMAP4rev2 implementations MUST accept
and MAY transmit text in quoted-strings as
long as the string does not contain NUL, CR, or LF. This differs from
IMAP4rev1 implementations.
Although a BINARY content transfer encoding is defined, unencoded binary strings
are not permitted, unless returned in a <literal8> in response to
BINARY.PEEK[<section-binary>]<<partial>> or BINARY[<section-binary>]<<partial>>
FETCH data item. A "binary string" is any string with NUL
characters. A string with an excessive amount of CTL characters MAY also be considered to be
binary. Unless returned in response to BINARY.PEEK[...]/BINARY[...] FETCH,
client and server implementations MUST encode binary data into a textual
form, such as BASE64, before transmitting the data.
Data structures are represented as a "parenthesized list"; a sequence
of data items, delimited by space, and bounded at each end by
parentheses. A parenthesized list can contain other parenthesized
lists, using multiple levels of parentheses to indicate nesting.
The empty list is represented as () -- a parenthesized list with no
members.
The special form "NIL" represents the non-existence of a particular
data item that is represented as a string or parenthesized list, as
distinct from the empty string "" or the empty parenthesized list ().
Note: NIL is never used for any data item which takes the
form of an atom. For example, a mailbox name of "NIL" is a
mailbox named NIL as opposed to a non-existent mailbox
name. This is because mailbox uses "astring" syntax which
is an atom or a string. Conversely, an addr-name of NIL is
a non-existent personal name, because addr-name uses
"nstring" syntax which is NIL or a string, but never an
atom.
The following rules are listed here to ensure that all IMAP4rev2
implementations interoperate properly.
In IMAP4rev2, Mailbox names are encoded in Net-Unicode (this differs from IMAP4rev1). Client
implementations MAY attempt to create Net-Unicode mailbox names, and
MUST interpret any 8-bit mailbox names returned by LIST as
. Server implementations MUST prohibit
the creation of 8-bit mailbox names that do not comply with
Net-Unicode. However, servers MAY accept a de-normalized UTF-8
mailbox name and convert it to Unicode normalization form "NFC"
(as per Net-Unicode requirements) prior to mailbox creation.
Servers that choose to accept such de-normalized UTF-8 mailbox
names MUST accept them in all IMAP commands that have a mailbox name parameter.
In particular SELECT <name> must open the same mailbox that
was successfully created with CREATE <name>, even if <name>
is a de-normalized UTF-8 mailbox name.
The case-insensitive mailbox name INBOX is a special name reserved to
mean "the primary mailbox for this user on this server". (Note that
this special name may not exist on some servers for some users, for example
if the user has no access to personal namespace.) The
interpretation of all other names is implementation-dependent.
In particular, this specification takes no position on case
sensitivity in non-INBOX mailbox names. Some server implementations
are fully case-sensitive in ASCII range; others preserve case of a newly-created
name but otherwise are case-insensitive; and yet others coerce names
to a particular case. Client implementations must be able to interact with any
of these.
There are certain client considerations when creating a new mailbox
name:
Any character which is one of the atom-specials (see the Formal
Syntax) will require that the mailbox name be represented as a
quoted string or literal.
CTL and other non-graphic characters are difficult to represent
in a user interface and are best avoided. Servers MAY refuse to
create mailbox names containing Unicode CTL characters.
Although the list-wildcard characters ("%" and "*") are valid
in a mailbox name, it is difficult to use such mailbox names
with the LIST command due to the conflict with
wildcard interpretation.
Usually, a character (determined by the server implementation)
is reserved to delimit levels of hierarchy.
Two characters, "#" and "&", have meanings by convention, and
should be avoided except when used in that convention. See
and respectively.
If it is desired to export hierarchical mailbox names, mailbox names
MUST be left-to-right hierarchical using a single character to
separate levels of hierarchy. The same hierarchy separator character
is used for all levels of hierarchy within a single name.
Personal Namespace: A namespace that the server considers within the
personal scope of the authenticated user on a particular connection.
Typically, only the authenticated user has access to mailboxes in
their Personal Namespace. It is the part of the namespace that
belongs to the user that is allocated for mailboxes. If an INBOX
exists for a user, it MUST appear within the user's personal
namespace. In the typical case, there SHOULD be only one Personal
Namespace on a server.
Other Users' Namespace: A namespace that consists of mailboxes from
the Personal Namespaces of other users. To access mailboxes in the
Other Users' Namespace, the currently authenticated user MUST be
explicitly granted access rights. For example, it is common for a
manager to grant to their secretary access rights to their mailbox.
In the typical case, there SHOULD be only one Other Users' Namespace
on a server.
Shared Namespace: A namespace that consists of mailboxes that are
intended to be shared amongst users and do not exist within a user's
Personal Namespace.
The namespaces a server uses MAY differ on a per-user basis.
By convention, the first hierarchical element of any mailbox name
which begins with "#" identifies the "namespace" of the remainder of
the name. This makes it possible to disambiguate between different
types of mailbox stores, each of which have their own namespaces.
For example, implementations which offer access to USENET
newsgroups MAY use the "#news" namespace to partition the
USENET newsgroup namespace from that of other mailboxes.
Thus, the comp.mail.misc newsgroup would have a mailbox
name of "#news.comp.mail.misc", and the name
"comp.mail.misc" can refer to a different object (e.g., a
user's private mailbox).
Namespaces that include the "#" character are not IMAP URL friendly
requiring the "#" character to be represented as %23 when within URLs.
As such, server implementers MAY instead consider using namespace prefixes that do not contain
the "#" character.
Previous version of this protocol does not define a default server namespace.
Two common namespace models have evolved:
The "Personal Mailbox" model, in which the default namespace that is
presented consists of only the user's personal mailboxes. To access
shared mailboxes, the user must use an escape mechanism to reach
another namespace.
The "Complete Hierarchy" model, in which the default namespace that
is presented includes the user's personal mailboxes along with any
other mailboxes they have access to.
At any time, a server can send data that the client did not request.
Sometimes, such behavior is REQUIRED. For example, agents other than
the server MAY add messages to the mailbox (e.g., new message
delivery), change the flags of the messages in the mailbox (e.g.,
simultaneous access to the same mailbox by multiple agents), or even
remove messages from the mailbox. A server MUST send mailbox size
updates automatically if a mailbox size change is observed during the
processing of a command. A server SHOULD send message flag updates
automatically, without requiring the client to request such updates
explicitly.
Special rules exist for server notification of a client about the
removal of messages to prevent synchronization errors; see the
description of the EXPUNGE response for more detail. In particular,
it is NOT permitted to send an EXISTS response that would reduce the
number of messages in the mailbox; only the EXPUNGE response can do
this.
Regardless of what implementation decisions a client makes on
remembering data from the server, a client implementation MUST record
mailbox size updates. It MUST NOT assume that any command after the
initial mailbox selection will return the size of the mailbox.
Server implementations are permitted to send an untagged response
(except for EXPUNGE) while there is no command in progress. Server
implementations that send such responses MUST deal with flow control
considerations. Specifically, they MUST either (1) verify that the
size of the data does not exceed the underlying transport's available
window size, or (2) use non-blocking writes.
If a server has an inactivity autologout timer that applies to
sessions after authentication, the duration of that
timer MUST be at least 30 minutes. The receipt of ANY command from
the client during that interval SHOULD suffice to reset the
autologout timer.
The client MAY send another command without waiting for the
completion result response of a command, subject to ambiguity rules
(see below) and flow control constraints on the underlying data
stream. Similarly, a server MAY begin processing another command
before processing the current command to completion, subject to
ambiguity rules. However, any command continuation request responses
and command continuations MUST be negotiated before any subsequent
command is initiated.
The exception is if an ambiguity would result because of a command
that would affect the results of other commands.
If the server detects a possible ambiguity, it MUST execute commands
to completion in the order given by the client.
The most obvious example of ambiguity is when a command would affect
the results of another command, e.g., a FETCH of a message's flags
and a STORE of that same message's flags.
A non-obvious ambiguity occurs with commands that permit an untagged
EXPUNGE response (commands other than FETCH, STORE, and SEARCH),
since an untagged EXPUNGE response can invalidate sequence numbers in
a subsequent command. This is not a problem for FETCH, STORE, or
SEARCH commands because servers are prohibited from sending EXPUNGE
responses while any of those commands are in progress. Therefore, if
the client sends any command other than FETCH, STORE, or SEARCH, it
MUST wait for the completion result response before sending a command
with message sequence numbers.
Note: EXPUNGE responses are permitted while UID FETCH,
UID STORE, and UID SEARCH are in progress. If the client
sends a UID command, it MUST wait for a completion result
response before sending a command which uses message
sequence numbers (this may include UID SEARCH). Any
message sequence numbers in an argument to UID SEARCH
are associated with messages prior to the effect of any
untagged EXPUNGE returned by the UID SEARCH.
For example, the following non-waiting command sequences are invalid:
FETCH + NOOP + STORESTORE + COPY + FETCHCOPY + COPY
The following are examples of valid non-waiting command sequences:
FETCH + STORE + SEARCH + NOOPSTORE + COPY + EXPUNGEUID SEARCH + UID SEARCH may be valid or invalid as a non-waiting
command sequence, depending upon whether or not the second UID
SEARCH contains message sequence numbers.
Use of SEARCH result variable (see ) creates
direct dependency between two commands. See
for more considerations about pipelining such dependent commands.
IMAP4rev2 commands are described in this section. Commands are
organized by the state in which the command is permitted. Commands
which are permitted in multiple states are listed in the minimum
permitted state (for example, commands valid in authenticated and
selected state are listed in the authenticated state commands).
Command arguments, identified by "Arguments:" in the command
descriptions below, are described by function, not by syntax. The
precise syntax of command arguments is described in the Formal Syntax
().
Some commands cause specific server responses to be returned; these
are identified by "Responses:" in the command descriptions below.
See the response descriptions in the Responses section for
information on these responses, and the Formal Syntax section for the
precise syntax of these responses. It is possible for server data to
be transmitted as a result of any command. Thus, commands that do
not specifically require server data specify "no specific responses
for this command" instead of "none".
The "Result:" in the command description refers to the possible
tagged status responses to a command, and any special interpretation
of these status responses.
The state of a connection is only changed by successful commands
which are documented as changing state. A rejected command (BAD
response) never changes the state of the connection or of the
selected mailbox. A failed command (NO response) generally does not
change the state of the connection or of the selected mailbox; the
exception being the SELECT and EXAMINE commands.
The following commands are valid in any state: CAPABILITY, NOOP, and
LOGOUT.
noneREQUIRED untagged response: CAPABILITYOK - capability completed
BAD - command unknown or arguments invalid
The CAPABILITY command requests a listing of capabilities that the
server supports. The server MUST send a single untagged
CAPABILITY response with "IMAP4rev2" as one of the listed
capabilities before the (tagged) OK response.
A capability name which begins with "AUTH=" indicates that the
server supports that particular authentication mechanism. All
such names are, by definition, part of this specification. For
example, the authorization capability for an experimental
"blurdybloop" authenticator would be "AUTH=XBLURDYBLOOP" and not
"XAUTH=BLURDYBLOOP" or "XAUTH=XBLURDYBLOOP".
Other capability names refer to extensions, revisions, or
amendments to this specification. See the documentation of the
CAPABILITY response for additional information. No capabilities,
beyond the base IMAP4rev2 set defined in this specification, are
enabled without explicit client action to invoke the capability.
Client and server implementations MUST implement the STARTTLS,
LOGINDISABLED, and AUTH=PLAIN (described in )
capabilities. See the Security Considerations section for
important information.
See the section entitled "Client Commands -
Experimental/Expansion" for information about the form of site or
implementation-specific capabilities.
noneno specific responses for this command (but see below)OK - noop completed
BAD - command unknown or arguments invalid
The NOOP command always succeeds. It does nothing.
Since any command can return a status update as untagged data, the
NOOP command can be used as a periodic poll for new messages or
message status updates during a period of inactivity (the IDLE
command should be used instead of NOOP if real-time updates
to mailbox state are desirable). The NOOP command can also be used
to reset any inactivity autologout timer on the server.
noneREQUIRED untagged response: BYEOK - logout completed
BAD - command unknown or arguments invalid
The LOGOUT command informs the server that the client is done with
the connection. The server MUST send a BYE untagged response
before the (tagged) OK response, and then close the network
connection.
In the not authenticated state, the AUTHENTICATE or LOGIN command
establishes authentication and enters the authenticated state. The
AUTHENTICATE command provides a general mechanism for a variety of
authentication techniques, privacy protection, and integrity
checking; whereas the LOGIN command uses a traditional user name and
plaintext password pair and has no means of establishing privacy
protection or integrity checking.
The STARTTLS command is an alternate form of establishing session
privacy protection and integrity checking, but does not by itself establish
authentication or enter the authenticated state.
Server implementations MAY allow access to certain mailboxes without
establishing authentication. This can be done by means of the
ANONYMOUS authenticator described in . An older
convention is a LOGIN command using the userid "anonymous"; in this
case, a password is required although the server may choose to accept
any password. The restrictions placed on anonymous users are
implementation-dependent.
Once authenticated (including as anonymous), it is not possible to
re-enter not authenticated state.
In addition to the universal commands (CAPABILITY, NOOP, and LOGOUT),
the following commands are valid in the not authenticated state:
STARTTLS, AUTHENTICATE and LOGIN. See the Security Considerations
section for important information about these commands.
noneno specific response for this commandOK - starttls completed, begin TLS negotiation
BAD - command unknown or arguments invalid
A negotiation begins immediately after the CRLF at the end
of the tagged OK response from the server. Once a client issues a
STARTTLS command, it MUST NOT issue further commands until a
server response is seen and the negotiation is complete.
The server remains in the non-authenticated state, even if client
credentials are supplied during the negotiation. This does
not preclude an authentication mechanism such as EXTERNAL (defined
in ) from using client identity determined by the
negotiation.
Once has been started, the client MUST discard cached
information about server capabilities and SHOULD re-issue the
CAPABILITY command. This is necessary to protect against man-in-
the-middle attacks which alter the capabilities list prior to
STARTTLS. The server MAY advertise different capabilities, and
in particular SHOULD NOT advertise the STARTTLS capability, after
a successful STARTTLS command.
SASL authentication mechanism name
OPTIONAL initial responsecontinuation data can be requestedOK - authenticate completed, now in authenticated state
NO - authenticate failure: unsupported authentication
mechanism, credentials rejected
BAD - command unknown or arguments invalid,
authentication exchange cancelled
The AUTHENTICATE command indicates a authentication
mechanism to the server. If the server supports the requested
authentication mechanism, it performs an authentication protocol
exchange to authenticate and identify the client. It MAY also
negotiate an OPTIONAL security layer for subsequent protocol
interactions. If the requested authentication mechanism is not
supported, the server SHOULD reject the AUTHENTICATE command by
sending a tagged NO response.
The AUTHENTICATE command supports the optional "initial response"
feature defined in Section 5.1 of . The client
doesn't need to use it. If a SASL mechanism supports "initial response",
but it is not specified by the client, the server handles this as specified
in Section 3 of .
The service name specified by this protocol's profile of is
"imap".
The authentication protocol exchange consists of a series of
server challenges and client responses that are specific to the
authentication mechanism. A server challenge consists of a
command continuation request response with the "+" token followed
by a BASE64 encoded (see Section 4 of ) string.
The client response consists of a
single line consisting of a BASE64 encoded string. If the client
wishes to cancel an authentication exchange, it issues a line
consisting of a single "*". If the server receives such a
response, or if it receives an invalid BASE64 string (e.g.
characters outside the BASE64 alphabet, or non-terminal "="), it
MUST reject the AUTHENTICATE command by sending a tagged BAD
response.
As with any other client response, this initial response MUST
be encoded as BASE64.
It also MUST be transmitted outside of a quoted string or literal.
To send a zero-length initial response, the client MUST send
a single pad character ("="). This indicates that the response is present,
but is a zero-length string.
When decoding the BASE64 data in the initial response,
decoding errors MUST be treated as in any normal SASL client response,
i.e. with a tagged BAD response. In particular, the
server should check for any characters not explicitly allowed by the
BASE64 alphabet, as well as any sequence of BASE64 characters that
contains the pad character ('=') anywhere other than the end of the
string (e.g., "=AAA" and "AAA=BBB" are not allowed).
If the client uses an initial response with a SASL mechanism that
does not support an initial response, the server MUST reject the
command with a tagged BAD response.
If a security layer is negotiated through the
authentication exchange, it takes effect immediately following the
CRLF that concludes the authentication exchange for the client,
and the CRLF of the tagged OK response for the server.
While client and server implementations MUST implement the
AUTHENTICATE command itself, it is not required to implement any
authentication mechanisms other than the PLAIN mechanism described
in . Also, an authentication mechanism is not required
to support any security layers.
Note: a server implementation MUST implement a
configuration in which it does NOT permit any plaintext
password mechanisms, unless either the STARTTLS command
has been negotiated or some other mechanism that
protects the session from password snooping has been
provided. Server sites SHOULD NOT use any configuration
which permits a plaintext password mechanism without
such a protection mechanism against password snooping.
Client and server implementations SHOULD implement
additional mechanisms that do not use plaintext
passwords, such the GSSAPI mechanism described in
and/or the SCRAM-SHA-256/SCRAM-SHA-256-PLUS mechanisms.
Servers and clients can support multiple authentication
mechanisms. The server SHOULD list its supported authentication
mechanisms in the response to the CAPABILITY command so that the
client knows which authentication mechanisms to use.
A server MAY include a CAPABILITY response code in the tagged OK
response of a successful AUTHENTICATE command in order to send
capabilities automatically. It is unnecessary for a client to
send a separate CAPABILITY command if it recognizes these
automatic capabilities. This should only be done if a security
layer was not negotiated by the AUTHENTICATE command, because the
tagged OK response as part of an AUTHENTICATE command is not
protected by encryption/integrity checking. requires the
client to re-issue a CAPABILITY command in this case.
The server MAY advertise different capabilities after
a successful AUTHENTICATE command.
If an AUTHENTICATE command fails with a NO response, the client
MAY try another authentication mechanism by issuing another
AUTHENTICATE command. It MAY also attempt to authenticate by
using the LOGIN command (see for more detail). In
other words, the client MAY request authentication types in
decreasing order of preference, with the LOGIN command as a last
resort.
The authorization identity passed from the client to the server
during the authentication exchange is interpreted by the server as
the user name whose privileges the client is requesting.
Note: The line breaks within server challenges and client
responses are for editorial clarity and are not in real
authenticators.
user name
passwordno specific responses for this commandOK - login completed, now in authenticated state
NO - login failure: user name or password rejected
BAD - command unknown or arguments invalid
The LOGIN command identifies the client to the server and carries
the plaintext password authenticating this user.
A server MAY include a CAPABILITY response code in the tagged OK
response to a successful LOGIN command in order to send
capabilities automatically. It is unnecessary for a client to
send a separate CAPABILITY command if it recognizes these
automatic capabilities.
Note: Use of the LOGIN command over an insecure network
(such as the Internet) is a security risk, because anyone
monitoring network traffic can obtain plaintext passwords.
The LOGIN command SHOULD NOT be used except as a last
resort, and it is recommended that client implementations
have a means to disable any automatic use of the LOGIN
command.
Unless either the client is accessing IMAP service on IMAPS port ,
the STARTTLS command has been negotiated or
some other mechanism that protects the session from
password snooping has been provided, a server
implementation MUST implement a configuration in which it
advertises the LOGINDISABLED capability and does NOT permit
the LOGIN command. Server sites SHOULD NOT use any
configuration which permits the LOGIN command without such
a protection mechanism against password snooping. A client
implementation MUST NOT send a LOGIN command if the
LOGINDISABLED capability is advertised.
In the authenticated state, commands that manipulate mailboxes as
atomic entities are permitted. Of these commands, the SELECT and
EXAMINE commands will select a mailbox for access and enter the
selected state.
In addition to the universal commands (CAPABILITY, NOOP, and LOGOUT),
the following commands are valid in the authenticated state: ENABLE, SELECT,
EXAMINE, NAMESPACE, CREATE, DELETE, RENAME, SUBSCRIBE, UNSUBSCRIBE, LIST,
STATUS, APPEND and IDLE.
capability namesno specific responses for this commandOK - Relevant capabilities enabled
BAD - No arguments, or syntax error in an argument
Several IMAP extensions allow the server to return unsolicited
responses specific to these extensions in certain circumstances.
However, servers cannot send those unsolicited responses
(with the exception of response codes (see )
included in tagged or untagged OK/NO/BAD responses, which can always be sent)
until they know that the clients support such extensions and thus won't choke on
the extension response data.
The ENABLE command provides an explicit indication from the client
that it supports particular extensions. It is designed such that
the client can send a simple constant string with the extensions it
supports, and the server will enable the shared subset that both
support.
The ENABLE command takes a list of capability names, and requests the
server to enable the named extensions. Once enabled using ENABLE,
each extension remains active until the IMAP connection is closed.
For each argument, the server does the following:
If the argument is not an extension known to the server, the server
MUST ignore the argument.
If the argument is an extension known to the server, and it is not
specifically permitted to be enabled using ENABLE, the server MUST
ignore the argument. (Note that knowing about an extension doesn't
necessarily imply supporting that extension.)
If the argument is an extension that is supported by the server and
that needs to be enabled, the server MUST enable the extension for
the duration of the connection. Note that once an extension is enabled,
there is no way to disable it.
If the ENABLE command is successful, the server MUST send an untagged
ENABLED response .
Clients SHOULD only include extensions that need to be enabled by the
server. For example, a client can enable IMAP4rev2 specific behaviour
when both IMAP4rev1 and IMAP4rev2 are advertised in the CAPABILITY response.
Future RFCs may add to this list.
The ENABLE command is only valid in the authenticated state,
before any mailbox is selected. Clients MUST NOT issue
ENABLE once they SELECT/EXAMINE a mailbox; however, server
implementations don't have to check that no mailbox is selected or
was previously selected during the duration of a connection.
The ENABLE command can be issued multiple times in a session. It is
additive; i.e., "ENABLE a b", followed by "ENABLE c" is the same as a
single command "ENABLE a b c". When multiple ENABLE commands are
issued, each corresponding ENABLED response SHOULD only contain
extensions enabled by the corresponding ENABLE command, i.e.
for the above example, the ENABLED response to "ENABLE c" should not
contain "a" or "b".
There are no limitations on pipelining ENABLE. For example, it is
possible to send ENABLE and then immediately SELECT, or a LOGIN
immediately followed by ENABLE.
The server MUST NOT change the CAPABILITY list as a result of
executing ENABLE; i.e., a CAPABILITY command issued right after an
ENABLE command MUST list the same capabilities as a CAPABILITY
command issued before the ENABLE command. This is demonstrated in
the following example:
In the following example, the client enables CONDSTORE:
Designers of IMAP extensions are discouraged from creating extensions
that require ENABLE unless there is no good alternative design.
Specifically, extensions that cause potentially incompatible behavior
changes to deployed server responses (and thus benefit from ENABLE)
have a higher complexity cost than extensions that do not.
mailbox nameREQUIRED untagged responses: FLAGS, EXISTS
REQUIRED OK untagged responses: PERMANENTFLAGS,
UIDNEXT, UIDVALIDITY
REQUIRED untagged response: LISTOK - select completed, now in selected state
NO - select failure, now in authenticated state: no
such mailbox, can't access mailbox
BAD - command unknown or arguments invalid
The SELECT command selects a mailbox so that messages in the
mailbox can be accessed. Before returning an OK to the client,
the server MUST send the following untagged data to the client.
(The order of individual responses is not important.)
Note that earlier versions of this protocol (e.g. IMAP2bis) only required the
FLAGS and EXISTS untagged data; consequently, client
implementations SHOULD implement default behavior for missing data
as discussed with the individual item.
Defined flags in the mailbox. See the description
of the FLAGS response for more detail.The number of messages in the mailbox. See the
description of the EXISTS response for more detail.The server MUST return a LIST response
with the mailbox name.
If the server allows de-normalized UTF-8 mailbox names
(see ) and the supplied mailbox name
differs from the normalized version, the server MUST return
LIST with the OLDNAME extended data item. See
for more details.
A list of message flags that the client can change
permanently. If this is missing, the client should
assume that all flags can be changed permanently.
The next unique identifier value. Refer to
for more information.
The unique identifier validity value. Refer to
for more information.
Only one mailbox can be selected at a time in a connection;
simultaneous access to multiple mailboxes requires multiple
connections. The SELECT command automatically deselects any
currently selected mailbox before attempting the new selection.
Consequently, if a mailbox is selected and a SELECT command that
fails is attempted, no mailbox is selected.
When deselecting a selected mailbox, the server MUST return
an untagged OK response with the "[CLOSED]" response code when
the currently selected mailbox is closed (see ).
If the client is permitted to modify the mailbox, the server
SHOULD prefix the text of the tagged OK response with the
"[READ-WRITE]" response code.
If the client is not permitted to modify the mailbox but is
permitted read access, the mailbox is selected as read-only, and
the server MUST prefix the text of the tagged OK response to
SELECT with the "[READ-ONLY]" response code. Read-only access
through SELECT differs from the EXAMINE command in that certain
read-only mailboxes MAY permit the change of permanent state on a
per-user (as opposed to global) basis. Netnews messages marked in
a server-based .newsrc file are an example of such per-user
permanent state that can be modified with read-only mailboxes.
Note that IMAP4rev1 compliant servers can also send the untagged RECENT
response which was deprecated in IMAP4rev2. E.g. "* 0 RECENT".
Pure IMAP4rev2 clients are advised to ignore the untagged RECENT response.
mailbox nameREQUIRED untagged responses: FLAGS, EXISTS
REQUIRED OK untagged responses: PERMANENTFLAGS,
UIDNEXT, UIDVALIDITY
REQUIRED untagged response: LISTOK - examine completed, now in selected state
NO - examine failure, now in authenticated state: no
such mailbox, can't access mailbox
BAD - command unknown or arguments invalid
The EXAMINE command is identical to SELECT and returns the same
output; however, the selected mailbox is identified as read-only.
No changes to the permanent state of the mailbox, including
per-user state, are permitted.
The text of the tagged OK response to the EXAMINE command MUST
begin with the "[READ-ONLY]" response code.
mailbox nameOPTIONAL untagged response: LISTOK - create completed
NO - create failure: can't create mailbox with that name
BAD - command unknown or arguments invalid
The CREATE command creates a mailbox with the given name. An OK
response is returned only if a new mailbox with that name has been
created. It is an error to attempt to create INBOX or a mailbox
with a name that refers to an extant mailbox. Any error in
creation will return a tagged NO response. If a client attempts
to create a UTF-8 mailbox name that is not a valid Net-Unicode
name, the server MUST reject the creation or convert the name to
Net-Unicode prior to creating the mailbox.
If the server decides to convert (normalize) the name,
it SHOULD return an untagged LIST with OLDNAME extended data item,
with the OLDNAME value being the supplied mailbox name and the
name parameter being the normalized mailbox name.
(See for more details.)
Mailboxes created in one IMAP session MAY be announced to other
IMAP sessions using unsolicited LIST response.
If the server automatically subscribes a mailbox when it is created,
then the unsolicited LIST response for each affected
subscribed mailbox name MUST include the \Subscribed attribute.
If the mailbox name is suffixed with the server's hierarchy
separator character (as returned from the server by a LIST
command), this is a declaration that the client intends to create
mailbox names under this name in the hierarchy. Server
implementations that do not require this declaration MUST ignore
the declaration. In any case, the name created is without the
trailing hierarchy delimiter.
If the server's hierarchy separator character appears elsewhere in
the name, the server SHOULD create any superior hierarchical names
that are needed for the CREATE command to be successfully
completed. In other words, an attempt to create "foo/bar/zap" on
a server in which "/" is the hierarchy separator character SHOULD
create foo/ and foo/bar/ if they do not already exist.
If a new mailbox is created with the same name as a mailbox which
was deleted, its unique identifiers MUST be greater than any
unique identifiers used in the previous incarnation of the mailbox
UNLESS the new incarnation has a different unique identifier
validity value. See the description of the UID command for more
detail.
Note: The interpretation of this example depends on whether
"/" was returned as the hierarchy separator from LIST. If
"/" is the hierarchy separator, a new level of hierarchy
named "owatagusiam" with a member called "blurdybloop" is
created. Otherwise, two mailboxes at the same hierarchy
level are created.
mailbox nameOPTIONAL untagged response: LISTOK - delete completed
NO - delete failure: can't delete mailbox with that name
BAD - command unknown or arguments invalid
The DELETE command permanently removes the mailbox with the given
name. A tagged OK response is returned only if the mailbox has
been deleted. It is an error to attempt to delete INBOX or a
mailbox name that does not exist.
The DELETE command MUST NOT remove inferior hierarchical names.
For example, if a mailbox "foo" has an inferior "foo.bar"
(assuming "." is the hierarchy delimiter character), removing
"foo" MUST NOT remove "foo.bar". It is an error to attempt to
delete a name that has inferior hierarchical names and also has
the \Noselect mailbox name attribute (see the description of the
LIST response for more details).
It is permitted to delete a name that has inferior hierarchical
names and does not have the \Noselect mailbox name attribute. If
the server implementation does not permit deleting the name while
inferior hierarchical names exists then it SHOULD disallow the
DELETE command by returning a tagged NO response. The NO response
SHOULD include the HASCHILDREN response code.
Alternatively the server MAY allow the DELETE command,
but sets the \Noselect mailbox name attribute for that name.
If the server returns OK response, all messages in
that mailbox are removed by the DELETE command.
The value of the highest-used unique identifier of the deleted
mailbox MUST be preserved so that a new mailbox created with the
same name will not reuse the identifiers of the former
incarnation, UNLESS the new incarnation has a different unique
identifier validity value. See the description of the UID command
for more detail.
If the server decides to convert (normalize) the mailbox name,
it SHOULD return an untagged LIST with the "\NonExistent" attribute and
OLDNAME extended data item,
with the OLDNAME value being the supplied mailbox name and the
name parameter being the normalized mailbox name.
(See for more details.)
Mailboxes deleted in one IMAP session MAY be announced to other IMAP
sessions using unsolicited LIST response, containing the "\NonExistent" attribute.existing mailbox name
new mailbox nameOPTIONAL untagged response: LISTOK - rename completed
NO - rename failure: can't rename mailbox with that name,
can't rename to mailbox with that name
BAD - command unknown or arguments invalid
The RENAME command changes the name of a mailbox. A tagged OK
response is returned only if the mailbox has been renamed. It is
an error to attempt to rename from a mailbox name that does not
exist or to a mailbox name that already exists. Any error in
renaming will return a tagged NO response.
If the name has inferior hierarchical names, then the inferior
hierarchical names MUST also be renamed. For example, a rename of
"foo" to "zap" will rename "foo/bar" (assuming "/" is the
hierarchy delimiter character) to "zap/bar".
If the server's hierarchy separator character appears in the name,
the server SHOULD create any superior hierarchical names that are
needed for the RENAME command to complete successfully. In other
words, an attempt to rename "foo/bar/zap" to baz/rag/zowie on a
server in which "/" is the hierarchy separator character in the corresponding namespace SHOULD
create baz/ and baz/rag/ if they do not already exist.
The value of the highest-used unique identifier of the old mailbox
name MUST be preserved so that a new mailbox created with the same
name will not reuse the identifiers of the former incarnation,
UNLESS the new incarnation has a different unique identifier
validity value. See the description of the UID command for more
detail.
Renaming INBOX is permitted, and has special behavior.
(Note that some servers disallow renaming INBOX, so clients
need to be able to handle such RENAME failing). It moves
all messages in INBOX to a new mailbox with the given name,
leaving INBOX empty. If the server implementation supports
inferior hierarchical names of INBOX, these are unaffected by a
rename of INBOX.
If the server allows creation of mailboxes with names that
are not valid Net-Unicode names, the server normalizes
both the existing mailbox name parameter and the new mailbox name parameter.
If the normalized version of any of these 2 parameters differs
from the corresponding supplied version, the server SHOULD return
an untagged LIST response with OLDNAME extended data item,
with the OLDNAME value being the supplied existing mailbox name and the
name parameter being the normalized new mailbox name
(see ).
This would allow the client to correlate supplied name with the normalized name.
Mailboxes renamed in one IMAP session MAY be announced to other IMAP sessions
using unsolicited LIST response with OLDNAME extended data item.
In both of the above cases: if the server automatically subscribes a mailbox
when it is renamed, then the unsolicited LIST response for each affected
subscribed mailbox name MUST include the \Subscribed attribute.
No unsolicited LIST responses need to be sent for children mailboxes, if any.
When INBOX is successfully renamed, a new INBOX is assumed to be created.
No unsolicited LIST responses need to be sent for INBOX in this case.
Note that renaming a mailbox doesn't update subscription information
on the original name. To keep subscription information in sync,
the following sequence of commands can be used:
Note that the above sequence of commands doesn't account for updating
subscription for any children mailboxes of mailbox X.
mailboxno specific responses for this commandOK - subscribe completed
NO - subscribe failure: can't subscribe to that name
BAD - command unknown or arguments invalid
The SUBSCRIBE command adds the specified mailbox name to the
server's set of "active" or "subscribed" mailboxes as returned by
the LIST (SUBSCRIBED) command. This command returns a tagged OK response
if the subscription is successful or if the mailbox is already subscribed.
A server MAY validate the mailbox argument to SUBSCRIBE to verify
that it exists. However, it SHOULD NOT unilaterally remove an
existing mailbox name from the subscription list even if a mailbox
by that name no longer exists.
Note: This requirement is because a server site can
choose to routinely remove a mailbox with a well-known
name (e.g., "system-alerts") after its contents expire,
with the intention of recreating it when new contents
are appropriate.
mailbox nameno specific responses for this commandOK - unsubscribe completed
NO - unsubscribe failure: can't unsubscribe that name
BAD - command unknown or arguments invalid
The UNSUBSCRIBE command removes the specified mailbox name from
the server's set of "active" or "subscribed" mailboxes as returned
by the LIST (SUBSCRIBED) command. This command returns a tagged OK response
if the unsubscription is successful or if the mailbox is not subscribed.
reference name
mailbox name with possible wildcardsselection options (OPTIONAL)
reference name
mailbox patterns
return options (OPTIONAL)untagged responses: LISTOK - list completed
NO - list failure: can't list that reference or name
BAD - command unknown or arguments invalid
The LIST command returns a subset of names from the complete set
of all names available to the client. Zero or more untagged LIST
replies are returned, containing the name attributes, hierarchy
delimiter, name, and possible extension information; see the description of the LIST reply for
more detail.
The LIST command SHOULD return its data quickly, without undue
delay. For example, it SHOULD NOT go to excess trouble to
calculate the \Marked or \Unmarked status or perform other
processing; if each name requires 1 second of processing, then a
list of 1200 names would take 20 minutes!
The extended LIST command, originally introduced in ,
provides capabilities beyond that of the original IMAP LIST command.
The extended syntax is being used if one or more of
the following conditions is true:
if the first word after the command name begins with a
parenthesis ("LIST selection options");if the second word after the command name begins with a
parenthesis;if the LIST command has more than 2 parameters ("LIST return options")
An empty ("" string) reference name argument indicates that the
mailbox name is interpreted as by SELECT. The returned mailbox
names MUST match the supplied mailbox name pattern(s). A non-empty
reference name argument is the name of a mailbox or a level of
mailbox hierarchy, and indicates the context in which the mailbox
name is interpreted.
Clients SHOULD use the empty reference argument.
In the basic syntax only,
an empty ("" string) mailbox name argument is a special request to
return the hierarchy delimiter and the root name of the name given
in the reference. The value returned as the root MAY be the empty
string if the reference is non-rooted or is an empty string. In
all cases, a hierarchy delimiter (or NIL if there is no hierarchy)
is returned. This permits a client to get the hierarchy delimiter
(or find out that the mailbox names are flat) even when no
mailboxes by that name currently exist.
In the extended syntax, any mailbox name arguments that are empty
strings are ignored. There is no special meaning for empty mailbox
names when the extended syntax is used.
The reference and mailbox name arguments are interpreted into a
canonical form that represents an unambiguous left-to-right
hierarchy. The returned mailbox names will be in the interpreted
form, that we call "canonical LIST pattern"
later in this document.
To define the term "canonical LIST pattern" formally: it refers to
the canonical pattern constructed internally by the server from
the reference and mailbox name arguments.
Note: The interpretation of the reference argument is
implementation-defined. It depends upon whether the
server implementation has a concept of the "current
working directory" and leading "break out characters",
which override the current working directory.
For example, on a server which exports a UNIX or NT
filesystem, the reference argument contains the current
working directory, and the mailbox name argument would
contain the name as interpreted in the current working
directory.
If a server implementation has no concept of break out
characters, the canonical form is normally the reference
name appended with the mailbox name. Note that if the
server implements the namespace convention (),
"#" is a break out character and must be treated
as such.
If the reference argument is not a level of mailbox
hierarchy (that is, it is a \NoInferiors name), and/or
the reference argument does not end with the hierarchy
delimiter, it is implementation-dependent how this is
interpreted. For example, a reference of "foo/bar" and
mailbox name of "rag/baz" could be interpreted as
"foo/bar/rag/baz", "foo/barrag/baz", or "foo/rag/baz".
A client SHOULD NOT use such a reference argument except
at the explicit request of the user. A hierarchical
browser MUST NOT make any assumptions about server
interpretation of the reference unless the reference is
a level of mailbox hierarchy AND ends with the hierarchy
delimiter.
Any part of the reference argument that is included in the
interpreted form SHOULD prefix the interpreted form. It SHOULD
also be in the same form as the reference name argument. This
rule permits the client to determine if the returned mailbox name
is in the context of the reference argument, or if something about
the mailbox argument overrode the reference argument. Without
this rule, the client would have to have knowledge of the server's
naming semantics including what characters are "breakouts" that
override a naming context.
The character "*" is a wildcard, and matches zero or more
characters at this position. The character "%" is similar to "*",
but it does not match a hierarchy delimiter. If the "%" wildcard
is the last character of a mailbox name argument, matching levels
of hierarchy are also returned. If these levels of hierarchy are
not also selectable mailboxes, they are returned with the
\Noselect mailbox name attribute (see the description of the LIST
response for more details).
Any syntactically valid pattern that is not accepted by a
server for any reason MUST be silently ignored. I.e. it results in
no LIST responses and the LIST command still returns tagged OK response.
Selection options tell the server to limit the mailbox names that
are selected by the LIST operation. If selection options are used,
the mailboxes returned are those that match both the list of canonical LIST
patterns and the selection options. Unless a particular selection
option provides special rules, the selection options are cumulative:
a mailbox that matches the mailbox patterns is selected only if it
also matches all of the selection options.
(An example of a selection option with special rules is the RECURSIVEMATCH option.)
Return options control what information is returned for each matched mailbox.
Return options MUST NOT cause the server to report information about additional
mailbox names other than those that match the canonical LIST patterns and selection options.
If no return options are specified, the client is only expecting information
about mailbox attributes. The server MAY return other information about the
matched mailboxes, and clients MUST be able to handle that situation.
Initial selection options and return options are defined in the following subsections,
and new ones will also be defined in extensions.
Initial options defined in this document MUST be supported.
Each non-initial option will be enabled by a
capability string (one capability may enable multiple options), and a client
MUST NOT send an option for which the server has not advertised support.
A server MUST respond to options it does not recognize with a BAD response.
The client SHOULD NOT specify any option more than once; however, if the
client does this, the server MUST act as if it received the option only once.
The order in which options are specified by the client is not significant.
In general, each selection option except RECURSIVEMATCH will have
a corresponding return option with the same name. The REMOTE selection option is an anomaly
in this regard, and does not have a corresponding return option.
That is because it expands, rather than restricts, the set of mailboxes
that are returned. Future extensions to this specification should keep
this parallelism in mind and define a pair of corresponding
selection and return options.
Server implementations are permitted to "hide" otherwise
accessible mailboxes from the wildcard characters, by preventing
certain characters or names from matching a wildcard in certain
situations. For example, a UNIX-based server might restrict the
interpretation of "*" so that an initial "/" character does not
match.
The special name INBOX is included in the output from LIST, if
INBOX is supported by this server for this user and if the
uppercase string "INBOX" matches the interpreted reference and
mailbox name arguments with wildcards as described above. The
criteria for omitting INBOX is whether SELECT INBOX will return
failure; it is not relevant whether the user's real INBOX resides
on this or some other server.
The selection options defined in this specification are as follows:
causes the LIST command to list subscribed
names, rather than the existing mailboxes. This will often
be a subset of the actual mailboxes. It's also possible for
this list to contain the names of mailboxes that don't exist.
In any case, the list MUST include exactly those mailbox names
that match the canonical list pattern and are subscribed to.
This option defines a mailbox attribute, "\Subscribed", that
indicates that a mailbox name is subscribed to. The "\Subscribed"
attribute MUST be supported and MUST be accurately computed
when the SUBSCRIBED selection option is specified.
Note that the SUBSCRIBED selection option implies the SUBSCRIBED
return option (see below).
causes the LIST command to show remote mailboxes as
well as local ones, as described in . This option
is intended to replace the RLIST command and, in conjunction
with the SUBSCRIBED selection option, the RLSUB command.
Servers that don't support remote mailboxes just ignore this option.
This option defines a mailbox attribute, "\Remote", that
indicates that a mailbox is a remote mailbox. The "\Remote"
attribute MUST be accurately computed when the REMOTE option is
specified.
The REMOTE selection option has no interaction with other options.
Its effect is to tell the server to apply the other options, if
any, to remote mailboxes, in addition to local ones.
In particular, it has no interaction with RECURSIVEMATCH (see below).
A request for (REMOTE RECURSIVEMATCH) is invalid, because a
request for (RECURSIVEMATCH) is also invalid. A request for (REMOTE RECURSIVEMATCH SUBSCRIBED)
is asking for all subscribed mailboxes, both local and remote.
this option forces the server to return
information about parent mailboxes that don't match other
selection options, but have some submailboxes that do.
Information about children is returned in the CHILDINFO
extended data item, as described in .
Note 1: In order for a parent mailbox to be returned, it still
has to match the canonical LIST pattern.
Note 2: When returning the CHILDINFO extended data item,
it doesn't matter whether or not the submailbox matches
the canonical LIST pattern. See also example 9 in
.
The RECURSIVEMATCH option MUST NOT occur as the only selection
option (or only with REMOTE),
as it only makes sense when other selection options are
also used. The server MUST return BAD tagged response in such case.
Note that even if the RECURSIVEMATCH option is specified, the client
MUST still be able to handle a case when a CHILDINFO extended
data item is returned and there are no submailboxes
that meet the selection criteria of the subsequent LIST command,
as they can be deleted/renamed after the LIST response was sent,
but before the client had a chance to access them.
The return options defined in this specification are as follows:
causes the LIST command to return subscription
state for all matching mailbox names. The "\Subscribed"
attribute MUST be supported and MUST be accurately computed
when the SUBSCRIBED return option is specified.
Further, all mailbox flags MUST be accurately computed (this
differs from the behavior of the obsolete LSUB command from IMAP4rev1).
requests mailbox child information as originally
proposed in .
See , below, for details.
This option MUST be supported by all servers.
requests STATUS response for each matching mailbox.
This option takes STATUS data items as parameters. For each selectable
mailbox matching the list pattern and selection options, the server
MUST return an untagged LIST response followed by an untagged STATUS
response containing the information requested in the STATUS return
option, except for some cases described below.
If an attempted STATUS for a listed mailbox fails because the mailbox
can't be selected (e.g., if the "l" ACL right
is granted to the
mailbox and the "r" right is not granted, or due to a race condition
between LIST and STATUS changing the mailbox to \NoSelect), the
STATUS response MUST NOT be returned and the LIST response MUST
include the \NoSelect attribute. This means the server may have to
buffer the LIST reply until it has successfully looked up the
necessary STATUS information.
If the server runs into unexpected problems while trying to look up
the STATUS information, it MAY drop the corresponding STATUS reply.
In such a situation, the LIST command would still return a tagged OK
reply.
This section outlines several principles that can be used by server
implementations of this document to decide whether a LIST response should be
returned, as well as how many responses and what kind of information
they may contain.At most one LIST response should be returned for each mailbox
name that matches the canonical LIST pattern.
Server implementors must not assume that clients will be able to
assemble mailbox attributes and other information returned in multiple
LIST responses.
There are only two reasons for including a matching mailbox name
in the responses to the LIST command (note that the server is allowed
to return unsolicited responses at any time, and such responses are not
governed by this rule):
The mailbox name also satisfies the selection criteria.The mailbox name doesn't satisfy the selection criteria, but
it has at least one descendant mailbox name that satisfies the
selection criteria and that doesn't match the canonical LIST
pattern.
For more information on this case, see the CHILDINFO extended data
item described in . Note that the CHILDINFO extended
data item can only be returned when the RECURSIVEMATCH selection
option is specified.Attributes returned in the same LIST response must be treated additively.
For example, the following response
S: * LIST (\Subscribed \NonExistent) "/" "Fruit/Peach"
means that the "Fruit/Peach" mailbox doesn't exist, but it is
subscribed.All clients MUST treat a LIST attribute with
a stronger meaning as implying any attribute that can be inferred
from it. (See for the list of currently defined attributes).
For example, the client must treat the presence of the
\NoInferiors attribute as if the \HasNoChildren attribute was also
sent by the server.
The following table summarizes inference rules.returned attributeimplied attribute\NoInferiors\HasNoChildren\NonExistent\NoSelect
The CHILDREN return option is simply an indication that the client wants
information about whether or not mailboxes contain children mailboxes;
a server MAY provide it even if the option is not specified.Many IMAP4 clients present to the user a hierarchical view of
the mailboxes that a user has access to. Rather than initially
presenting to the user the entire mailbox hierarchy, it is often
preferable to show to the user a collapsed outline list of the
mailbox hierarchy (particularly if there is a large number of
mailboxes). The user can then expand the collapsed outline hierarchy
as needed. It is common to include within the collapsed hierarchy a
visual clue (such as a ''+'') to indicate that there are child
mailboxes under a particular mailbox. When the visual clue is
clicked, the hierarchy list is expanded to show the child mailboxes.
The CHILDREN return option provides a mechanism for a client to
efficiently determine whether a particular mailbox has children, without
issuing a LIST "" * or a LIST "" % for each mailbox name.
The CHILDREN return option defines two new attributes that MUST be
returned within a LIST response: \HasChildren and \HasNoChildren.
Although these attributes MAY be returned in response to any LIST
command, the CHILDREN return option is provided to indicate that the
client particularly wants this information. If the CHILDREN return
option is present, the server MUST return these attributes even if
their computation is expensive.
\HasChildren
The presence of this attribute indicates that the
mailbox has child mailboxes.
A server SHOULD NOT set this attribute if there are child
mailboxes and the user does not have permission to access any
of them. In this case, \HasNoChildren SHOULD be used.
In many cases, however, a server may not be able to efficiently
compute whether a user has access to any child mailbox.
Note that even though the \HasChildren attribute for a mailbox
must be correct at the time of processing of the mailbox, a client
must be prepared to deal with a situation when a mailbox is marked
with the \HasChildren attribute, but no child mailbox appears in the
response to the LIST command. This might happen, for example, due to
children mailboxes being deleted or made inaccessible to the user
(using access control) by another client before the server is able to
list them.
\HasNoChildren
The presence of this attribute indicates that the
mailbox has NO child mailboxes that are accessible to the
currently authenticated user.It is an error for the server to return both a
\HasChildren and a \HasNoChildren attribute in the same LIST response.Note: the \HasNoChildren attribute should not be confused with the
the \NoInferiors attribute, which indicates
that no child mailboxes exist now and none can be created in the future.The CHILDINFO extended data item MUST NOT be returned unless the client
has specified the RECURSIVEMATCH selection option.The CHILDINFO extended data item in a LIST response describes the
selection criteria that has caused it to be returned and indicates that
the mailbox has at least one descendant mailbox that matches the selection
criteria.Note: Some servers allow for mailboxes to exist without requiring
their parent to exist. For example, a mailbox "Customers/ABC" can exist
while the mailbox "Customers" does not. As CHILDINFO extended data
item is not allowed if the RECURSIVEMATCH selection option is not specified,
such servers SHOULD use the "\NonExistent \HasChildren" attribute pair to signal
to the client that there is a descendant mailbox that matches the selection
criteria. See example 11 in .The returned selection criteria allow the client to distinguish
a solicited response from an unsolicited one, as well as to distinguish
among solicited responses caused by multiple pipelined LIST commands
that specify different criteria.Servers SHOULD ONLY return a non-matching mailbox name along with
CHILDINFO if at least one matching child is not also being returned.
That is, servers SHOULD suppress redundant CHILDINFO responses.
Examples 8 and 10 in demonstrate the difference between
present CHILDINFO extended data item and the "\HasChildren" attribute.The following table summarizes interaction between the "\NonExistent"
attribute and CHILDINFO (the first column indicates whether the parent
mailbox exists):existsmeets the selection criteriahas a child that meets the selection criteriareturned IMAP4rev2/LIST-EXTENDED attributes and CHILDINFOnononono LIST response returnedyesnonono LIST response returnednoyesno(\NonExistent <attr>)yesyesno(<attr>)nonoyes(\NonExistent) + CHILDINFOyesnoyes() + CHILDINFOnoyesyes(\NonExistent <attr>) + CHILDINFOyesyesyes(<attr>) + CHILDINFOwhere <attr> is one or more attributes that correspond to the
selection criteria; for example, for the SUBSCRIBED option the <attr>
is \Subscribed.The OLDNAME extended data item is included when
a mailbox name is created (with CREATE command), renamed (with RENAME command)
or deleted (with DELETE command). (When a mailbox is deleted the "\NonExistent" attribute
is also included.) IMAP extensions can specify other conditions when
OLDNAME extended data item should be included.If the server allows de-normalized mailbox names (see )
in SELECT/EXAMINE, CREATE, RENAME or DELETE, it SHOULD return an unsolicited LIST response
that includes OLDNAME extended data item, whenever the supplied mailbox name differs from
the resulting normalized mailbox name. From the client point of view this is indistinguishable
from another user renaming of deleting the mailbox, as specified in the previous paragraph.
This example shows some uses of the basic LIST command:
Extended examples:
The first example shows the complete local hierarchy that will be
used for the other examples.
In the next example, we will see the subscribed mailboxes. This is
similar to, but not equivalent with now deprecated, <LSUB "" "*">
(see for more details on LSUB command). Note that the mailbox
called "Fruit/Peach" is subscribed to, but does not actually exist
(perhaps it was deleted while still subscribed). The "Fruit"
mailbox is not subscribed to, but it has two subscribed children.
The "Vegetable" mailbox is subscribed and has two children; one
of them is subscribed as well.
The next example shows the use of the CHILDREN option. The client,
without having to list the second level of hierarchy, now knows which
of the top-level mailboxes have submailboxes (children) and which do
not. Note that it's not necessary for the server to return the
\HasNoChildren attribute for the inbox, because the \NoInferiors attribute
already implies that, and has a stronger meaning.
In this example, we see more mailboxes that reside on another server.
This is similar to the command
<RLIST "" "%">.
The following example also requests the server to include mailboxes
that reside on another server. The server returns information about
all mailboxes that are subscribed. This is similar to the command
<RLSUB "" "*"> (see for more details
on RLSUB). We also see the use of two selection options.
The following example requests the server to include mailboxes
that reside on another server. The server is asked to return
subscription information for all returned mailboxes.
This is different from the example above.
Note that the output of this command is not a superset of the output
in the previous example, as it doesn't include LIST response for the
non-existent "Fruit/Peach".
The following example demonstrates the difference between the
\HasChildren attribute and the CHILDINFO extended data item.
Let's assume there is the following hierarchy:
If the client asks RETURN (CHILDREN), it will get this:
A) Let's also assume that the mailbox "Foo/Baz" is the only
subscribed mailbox. Then we get this result:
Now, if the client issues <LIST (SUBSCRIBED) "" "%">, the server will
return no mailboxes (as the mailboxes "Moo", "Foo", and "Inbox" are NOT
subscribed). However, if the client issues this:
(i.e., the mailbox "Foo" is not subscribed, but it has a child that is.)
A1) If the mailbox "Foo" had also been subscribed, the last
command would return this:
or even this:
A2) If we assume instead that the mailbox "Foo" is not part of the
original hierarchy and is not subscribed, the last command will
give this result:
B) Now, let's assume that no mailbox is subscribed. In this case,
the command <LIST (SUBSCRIBED RECURSIVEMATCH) "" "%"> will return
no responses, as there are no subscribed children (even though
"Foo" has children).
C) And finally, suppose that only the mailboxes "Foo" and "Moo" are
subscribed. In that case, we see this result:
(which means that the mailbox "Foo" has children, but none of them
is subscribed).
The following example demonstrates that the CHILDINFO extended data item
is returned whether or not children mailboxes match the canonical LIST pattern.
Let's assume there is the following hierarchy:
And that the following mailboxes are subscribed:
The client issues the following command first:
and the server may also include (but this would violate a SHOULD NOT in Section 3.5, because CHILDINFO is redundant)
The CHILDINFO extended data item is returned for mailboxes "foo2", "baz2",
and "eps2", because all of them have subscribed children,
even though for the mailbox "foo2" only one of the two subscribed
children matches the pattern, for the mailbox "baz2" all the subscribed
children match the pattern, and for the mailbox "eps2" none of the
subscribed children matches the pattern.
Note that if the client issues
The LIST responses for mailboxes "foo2", "baz2", and "eps2" still have
the CHILDINFO extended data item, even though this information
is redundant and the client can determine it by itself.
The following example shows usage of extended syntax for mailbox pattern.
It also demonstrates that the presence of the CHILDINFO extended data item
doesn't necessarily imply \HasChildren.
The following example shows how a server that supports missing
mailbox hierarchy elements can signal to a client that didn't
specify the RECURSIVEMATCH selection option that there is
a child mailbox that matches the selection criteria.
Because "music/rock" is the only mailbox under "music", there's no
need for the server to also return "music". However clients must
handle both cases.
The following examples show use of STATUS return option.
The "bar" mailbox isn't selectable, so it has no STATUS reply.
The LIST reply for "foo" is returned because it has matching
children, but no STATUS reply is returned because "foo" itself
doesn't match the selection criteria.
noneREQUIRED untagged responses: NAMESPACEOK - command completed
NO - Can't complete the command
BAD - arguments invalid
The NAMESPACE command causes a single ungagged NAMESPACE response to be returned.
The untagged NAMESPACE response contains the prefix
and hierarchy delimiter to the server's Personal
Namespace(s), Other Users' Namespace(s), and Shared
Namespace(s) that the server wishes to expose. The
response will contain a NIL for any namespace class
that is not available. The Namespace-Response-Extensions ABNF non terminal
is defined for extensibility and MAY be included in the NAMESPACE response.
Example 1:In this example a server supports a single personal namespace. No leading
prefix is used on personal mailboxes and "/" is the hierarchy
delimiter.Example 2:A user logged on anonymously to a server. No personal mailboxes
are associated with the anonymous user and the user does not have
access to the Other Users' Namespace. No prefix is required to
access shared mailboxes and the hierarchy delimiter is "."Example 3:A server that contains a Personal Namespace and a single Shared
Namespace.Example 4:A server that contains a Personal Namespace, Other Users'
Namespace and multiple Shared Namespaces. Note that the hierarchy
delimiter used within each namespace can be different.
The prefix string allows a client to do things such as automatically
creating personal mailboxes or LISTing all available mailboxes within
a namespace.
Example 5:A server that supports only the Personal Namespace, with a
leading prefix of INBOX to personal mailboxes and a hierarchy
delimiter of "."
Although typically a server will support only a single Personal
Namespace, and a single Other User's Namespace, circumstances exist
where there MAY be multiples of these, and a client MUST be prepared
for them. If a client is configured such that it is required to
create a certain mailbox, there can be circumstances where it is
unclear which Personal Namespaces it should create the mailbox in.
In these situations a client SHOULD let the user select which
namespaces to create the mailbox in or just use the first personal namespace.
Example 6:In this example, a server supports 2 Personal Namespaces. In
addition to the regular Personal Namespace, the user has an
additional personal namespace to allow access to mailboxes in an
MH format mailstore.The client is configured to save a copy of all mail sent by the
user into a mailbox called 'Sent Mail'. Furthermore, after a
message is deleted from a mailbox, the client is configured to
move that message to a mailbox called 'Deleted Items'.Note that this example demonstrates how some extension flags can
be passed to further describe the #mh namespace.The next level of hierarchy following the Other Users' Namespace
prefix SHOULD consist of <username>, where <username> is a user name
as per the LOGIN or AUTHENTICATE command.
A client can construct a LIST command by appending a "%" to the Other
Users' Namespace prefix to discover the Personal Namespaces of other
users that are available to the currently authenticated user.
In response to such a LIST command, a server SHOULD NOT return user
names that have not granted access to their personal mailboxes to the
user in question.
A server MAY return a LIST response containing only the names of
users that have explicitly granted access to the user in question.
Alternatively, a server MAY return NO to such a LIST command,
requiring that a user name be included with the Other Users'
Namespace prefix before listing any other user's mailboxes.
Example 7:A server that supports providing a list of other user's
mailboxes that are accessible to the currently logged on user.Example 8:A server that does not support providing a list of other user's
mailboxes that are accessible to the currently logged on user.
The mailboxes are listable if the client includes the name of the
other user with the Other Users' Namespace prefix.A prefix string might not contain a hierarchy delimiter, because
in some cases it is not needed as part of the prefix.
Example 9:A server that allows access to the Other Users' Namespace by
prefixing the others' mailboxes with a '~' followed by <username>,
where <username> is a user name as per the LOGIN or
AUTHENTICATE command.mailbox name
status data item namesREQUIRED untagged responses: STATUSOK - status completed
NO - status failure: no status for that name
BAD - command unknown or arguments invalid
The STATUS command requests the status of the indicated mailbox.
It does not change the currently selected mailbox, nor does it
affect the state of any messages in the queried mailbox.
The STATUS command provides an alternative to opening a second
IMAP4rev2 connection and doing an EXAMINE command on a mailbox to
query that mailbox's status without deselecting the current
mailbox in the first IMAP4rev2 connection.
Unlike the LIST command, the STATUS command is not guaranteed to
be fast in its response. Under certain circumstances, it can be
quite slow. In some implementations, the server is obliged to
open the mailbox read-only internally to obtain certain status
information. Also unlike the LIST command, the STATUS command
does not accept wildcards.
Note: The STATUS command is intended to access the
status of mailboxes other than the currently selected
mailbox. Because the STATUS command can cause the
mailbox to be opened internally, and because this
information is available by other means on the selected
mailbox, the STATUS command SHOULD NOT be used on the
currently selected mailbox.
However, servers MUST be able to execute STATUS
command on the selected mailbox.
(This might
also implicitly happen when STATUS return option is used
in a LIST command).
The STATUS command MUST NOT be used as a "check for new
messages in the selected mailbox" operation (refer to
sections , for more information about
the proper method for new message checking).
STATUS SIZE (see below) can take a significant amount of time,
depending upon server implementation. Clients should use
STATUS SIZE cautiously.
The currently defined status data items that can be requested are:
The number of messages in the mailbox.
The next unique identifier value of the mailbox. Refer to
for more information.
The unique identifier validity value of the mailbox. Refer to
for more information.
The number of messages which do not have the \Seen flag set.
The number of messages which have the \Deleted flag set.
The total size of the mailbox in octets. This is not strictly
required to be an exact value, but it MUST be equal to or greater
than the sum of the values of the RFC822.SIZE FETCH message data
items (see ) of all messages in the mailbox.
mailbox name
OPTIONAL flag parenthesized list
OPTIONAL date/time string
message literalOPTIONAL untagged response: LISTOK - append completed
NO - append error: can't append to that mailbox, error
in flags or date/time or message text
BAD - command unknown or arguments invalid
The APPEND command appends the literal argument as a new message
to the end of the specified destination mailbox. This argument
SHOULD be in the format of an or message. 8-bit
characters are permitted in the message. A server implementation
that is unable to preserve 8-bit data properly MUST be able to
reversibly convert 8-bit APPEND data to 7-bit using a
content transfer encoding.
Note: There may be exceptions, e.g., draft messages, in
which required header lines are omitted in
the message literal argument to APPEND. The full
implications of doing so must be understood and
carefully weighed.
If a flag parenthesized list is specified, the flags SHOULD be set
in the resulting message; otherwise, the flag list of the
resulting message is set to empty by default.
If a date-time is specified, the internal date SHOULD be set in
the resulting message; otherwise, the internal date of the
resulting message is set to the current date and time by default.
If the append is unsuccessful for any reason, the mailbox MUST be
restored to its state before the APPEND attempt (other than possibly
keeping the changed mailbox's UIDNEXT value); no partial
appending is permitted.
If the destination mailbox does not exist, a server MUST return an
error, and MUST NOT automatically create the mailbox. Unless it
is certain that the destination mailbox can not be created, the
server MUST send the response code "[TRYCREATE]" as the prefix of
the text of the tagged NO response. This gives a hint to the
client that it can attempt a CREATE command and retry the APPEND
if the CREATE is successful.
On successful completion of an APPEND, the server SHOULD return
an APPENDUID response code (see ).
In the case of a mailbox that has permissions set so that the client
can APPEND to the mailbox, but not SELECT or EXAMINE it, the
server SHOULD NOT send an APPENDUID response code as it
would disclose information about the mailbox.
In the case of a mailbox that has UIDNOTSTICKY status
(see ),
the server MAY omit the APPENDUID response code as
it is not meaningful.
If the server does not return the APPENDUID response
codes, the client can discover this information by selecting the
destination mailbox. The location of messages placed in the
destination mailbox by APPEND can be determined by using
FETCH and/or SEARCH commands (e.g., for Message-ID or some unique
marker placed in the message in an APPEND).
If the mailbox is currently selected, the normal new message
actions SHOULD occur. Specifically, the server SHOULD notify the
client immediately via an untagged EXISTS response. If the server
does not do so, the client MAY issue a NOOP command after one or more APPEND commands.
If the server decides to convert (normalize) the mailbox name,
it SHOULD return an untagged LIST with OLDNAME extended data item,
with the OLDNAME value being the supplied mailbox name and the
name parameter being the normalized mailbox name.
(See for more details.)
In this example, A003 and A004 demonstrate successful appending and
copying to a mailbox that returns the UIDs assigned to the messages.
A005 is an example in which no messages were copied; this is because
in A003, we see that message 2 had UID 304, and message 3 had UID
319; therefore, UIDs 305 through 310 do not exist (refer to
for further explanation). A006 is an example of a
message being copied that did not return a COPYUID; and, as expected,
A007 shows that the mail store containing that mailbox does not
support persistent UIDs.
Note: The APPEND command is not used for message delivery,
because it does not provide a mechanism to transfer
envelope information.
nonecontinuation data will be requested; the client sends
the continuation data "DONE" to end the commandOK - IDLE completed after client sent "DONE"
NO - failure: the server will not allow the IDLE
command at this time
BAD - command unknown or arguments invalid
Without the IDLE command a client requires to poll the server for changes
to the selected mailbox (new mail, deletions, flag changes).
It's often more desirable to have the server transmit updates to
the client in real time. This allows a user to see new mail immediately.
The IDLE command allows a client to tell the server that it's ready to accept
such real-time updates.
The IDLE command is sent from the client to the server when the
client is ready to accept unsolicited update messages. The
server requests a response to the IDLE command using the continuation
("+") response. The IDLE command remains active until the client
responds to the continuation, and as long as an IDLE command is
active, the server is now free to send untagged EXISTS, EXPUNGE, FETCH, and
other responses at any time. If the server choose to send unsolicited FETCH
responses, they MUST include UID FETCH item.
The IDLE command is terminated by the receipt of a "DONE"
continuation from the client; such response satisfies the server's
continuation request. At that point, the server MAY send any
remaining queued untagged responses and then MUST immediately send
the tagged response to the IDLE command and prepare to process other
commands. As for other commands, the processing of any new
command may cause the sending of unsolicited untagged responses,
subject to the ambiguity limitations. The client MUST NOT send a
command while the server is waiting for the DONE, since the server
will not be able to distinguish a command from a continuation.
The server MAY consider a client inactive if it has an IDLE command
running, and if such a server has an inactivity timeout it MAY log
the client off implicitly at the end of its timeout period. Because
of that, clients using IDLE are advised to terminate the IDLE and
re-issue it at least every 29 minutes to avoid being logged off.
This still allows a client to receive immediate mailbox updates even
though it need only "poll" at half hour intervals.
In the selected state, commands that manipulate messages in a mailbox
are permitted.
In addition to the universal commands (CAPABILITY, NOOP, and LOGOUT),
and the authenticated state commands (SELECT, EXAMINE, NAMESPACE, CREATE,
DELETE, RENAME, SUBSCRIBE, UNSUBSCRIBE, LIST, STATUS, and
APPEND), the following commands are valid in the selected state:
CLOSE, UNSELECT, EXPUNGE, SEARCH, FETCH, STORE, COPY, MOVE, and UID.
noneno specific responses for this commandOK - close completed, now in authenticated state
BAD - command unknown or arguments invalid
The CLOSE command permanently removes all messages that have the
\Deleted flag set from the currently selected mailbox, and returns
to the authenticated state from the selected state. No untagged
EXPUNGE responses are sent.
No messages are removed, and no error is given, if the mailbox is
selected by an EXAMINE command or is otherwise selected read-only.
Even if a mailbox is selected, a SELECT, EXAMINE, or LOGOUT
command MAY be issued without previously issuing a CLOSE command.
The SELECT, EXAMINE, and LOGOUT commands implicitly close the
currently selected mailbox without doing an expunge. However,
when many messages are deleted, a CLOSE-LOGOUT or CLOSE-SELECT
sequence is considerably faster than an EXPUNGE-LOGOUT or
EXPUNGE-SELECT because no untagged EXPUNGE responses (which the
client would probably ignore) are sent.
noneno specific responses for this command
OK - unselect completed, now in authenticated state
BAD - no mailbox selected, or argument supplied but
none permitted
The UNSELECT command frees server's resources associated with the
selected mailbox and returns the server to the authenticated
state. This command performs the same actions as CLOSE, except
that no messages are permanently removed from the currently
selected mailbox.
noneuntagged responses: EXPUNGEOK - expunge completed
NO - expunge failure: can't expunge (e.g., permission
denied)
BAD - command unknown or arguments invalid
The EXPUNGE command permanently removes all messages that have the
\Deleted flag set from the currently selected mailbox. Before
returning an OK to the client, an untagged EXPUNGE response is
sent for each message that is removed.
Note: In this example, messages 3, 4, 7, and 11 had the
\Deleted flag set. See the description of the EXPUNGE
response for further explanation.
OPTIONAL result specifier
OPTIONAL specification
searching criteria (one or more)OPTIONAL untagged response: ESEARCHOK - search completed
NO - search error: can't search that or
criteria
BAD - command unknown or arguments invalid
The SEARCH command searches the mailbox for messages that match
the given searching criteria.
The SEARCH command may contain result options. Result options control
what kind of information is returned about messages matching the search criteria in an untagged ESEARCH response.
If no result option is specified or empty list of options is specified "()", ALL is assumed (see below).
The order of individual options is arbitrary. Individual options may
contain parameters enclosed in parentheses (*). If an option has
parameters, they consist of atoms and/or strings and/or lists in a
specific order. Any options not defined by extensions that the
server supports must be rejected with a BAD response.
(*) - if an option has a mandatory parameter, which can always be
represented as a number or a sequence-set, the option parameter does
not need the enclosing (). See the ABNF for more details.
This document specifies the following result options:
Return the lowest message number/UID that satisfies the SEARCH
criteria.
If the SEARCH results in no matches, the server MUST NOT
include the MIN result option in the ESEARCH response; however,
it still MUST send the ESEARCH response.
Return the highest message number/UID that satisfies the SEARCH
criteria.
If the SEARCH results in no matches, the server MUST NOT
include the MAX result option in the ESEARCH response; however,
it still MUST send the ESEARCH response.
Return all message numbers/UIDs that satisfy the SEARCH
criteria using the sequence-set syntax. Note, the client
MUST NOT assume that messages/UIDs will be listed in any
particular order.
If the SEARCH results in no matches, the server MUST NOT
include the ALL result option in the ESEARCH response; however,
it still MUST send the ESEARCH response.
Return number of the messages that satisfy the SEARCH criteria.
This result option MUST always be included in the ESEARCH
response.
This option tells the server to remember the result
of the SEARCH or UID SEARCH command (as well as any command based on
SEARCH, e.g., SORT and THREAD >) and store it in an internal
variable that we will reference as the "search result variable". The
client can use the "$" marker to reference the content of this
internal variable. The "$" marker can be used instead of message
sequence or UID sequence in order to indicate that the server should
substitute it with the list of messages from the search result
variable. Thus, the client can use the result of the latest
remembered SEARCH command as a parameter to another command.
See for details on how
the value of the search result variable is determined,
how it is affected by other commands executed, and how
SAVE return option interacts with other return options.
In absence of any other SEARCH result option, the SAVE result option
also suppresses any ESEARCH response that would have been otherwise
returned by the SEARCH command.
Note: future extensions to this document can allow servers to
return multiple ESEARCH responses for a single extended SEARCH
command. However all options specified above MUST result in a single ESEARCH response if used by themselves or in a combination.
This guaranty simplifies processing in IMAP4rev2 clients.
Future SEARCH extensions that relax this restriction will have to describe how results from
multiple ESEARCH responses are to be amalgamated.
Searching criteria consist of one
or more search keys.
When multiple keys are specified, the result is the intersection
(AND function) of all the messages that match those keys. For
example, the criteria DELETED FROM "SMITH" SINCE 1-Feb-1994 refers
to all deleted messages from Smith with INTERNALDATE greater than
February 1, 1994. A search key can also be a parenthesized
list of one or more search keys (e.g., for use with the OR and NOT
keys).
Server implementations MAY exclude body parts with
terminal content media types other than TEXT and MESSAGE from
consideration in SEARCH matching.
The OPTIONAL specification consists of the word
"CHARSET" followed by a registered . It indicates the
of the strings that appear in the search criteria.
content transfer encodings, and strings in
/ headers, MUST be decoded before comparing
text. Servers MUST support US-ASCII and UTF-8 charsets; other s MAY be supported.
Clients SHOULD use UTF-8. Note that if "CHARSET" is not provided IMAP4rev2 server MUST assume UTF-8,
so selecting CHARSET UTF-8 is redundant. It is permitted for improved compatibility with existing IMAP4rev1 clients.
If the server does not support the specified , it MUST
return a tagged NO response (not a BAD). This response SHOULD
contain the BADCHARSET response code, which MAY list the
s supported by the server.
In all search keys that use strings and unless specified otherwise,
a message matches the key if
the string is a substring of the associated text. The matching SHOULD be
case-insensitive for characters within ASCII range. Consider using
for language-sensitive case-insensitive
searching. Note that the empty string is a substring; this
is useful when doing a HEADER search in order to test for a header field
presence in the message.
The defined search keys are as follows. Refer to the Formal
Syntax section for the precise syntactic definitions of the
arguments.
Messages with message sequence numbers corresponding to the
specified message sequence number set.
All messages in the mailbox; the default initial key for
ANDing.
Messages with the \Answered flag set.
Messages that contain the specified string in the envelope
structure's BCC field.
Messages whose internal date (disregarding time and timezone)
is earlier than the specified date.
Messages that contain the specified string in the body of the
message. Unlike TEXT (see below), this doesn't match any header fields.
Servers are allowed to implement flexible matching for this search key,
for example matching "swim" to both "swam" and "swum" in English language text
or only doing full word matching (where "swim" will not match "swimming").
Messages that contain the specified string in the envelope
structure's CC field.
Messages with the \Deleted flag set.
Messages with the \Draft flag set.
Messages with the \Flagged flag set.
Messages that contain the specified string in the envelope
structure's FROM field.
Messages that have a header with the specified field-name (as
defined in ) and that contains the specified string
in the text of the header (what comes after the colon). If the
string to search is zero-length, this matches all messages that
have a header line with the specified field-name regardless of
the contents. Servers should use substring search for this SEARCH item,
as clients can use it for automatic processing not initiated by end users.
For example this can be used for searching for Message-ID or Content-Type header field
values that need to be exact, or for searches in header fields that the IMAP server
might not know anything about.
Messages with the specified keyword flag set.
Messages with an size larger than the specified
number of octets.
Messages that do not match the specified search key.
Messages whose internal date (disregarding time and timezone)
is within the specified date.
Messages that match either search key.
Messages that have the \Seen flag set.
Messages whose Date: header (disregarding time and
timezone) is earlier than the specified date.
Messages whose Date: header (disregarding time and
timezone) is within the specified date.
Messages whose Date: header (disregarding time and
timezone) is within or later than the specified date.
Messages whose internal date (disregarding time and timezone)
is within or later than the specified date.
Messages with an size smaller than the specified
number of octets.
Messages that contain the specified string in the envelope
structure's SUBJECT field.
Messages that contain the specified string in the header (including MIME header fields) or
body of the message.
Servers are allowed to implement flexible matching for this search key,
for example matching "swim" to both "swam" and "swum" in English language text
or only doing full word matching (where "swim" will not match "swimming").
Messages that contain the specified string in the envelope
structure's TO field.
Messages with unique identifiers corresponding to the specified
unique identifier set. Sequence set ranges are permitted.
Messages that do not have the \Answered flag set.
Messages that do not have the \Deleted flag set.
Messages that do not have the \Draft flag set.
Messages that do not have the \Flagged flag set.
Messages that do not have the specified keyword flag set.
Messages that do not have the \Seen flag set.
Note: Since this document is restricted to 7-bit ASCII
text, it is not possible to show actual UTF-8 data. The
"XXXXXX" is a placeholder for what would be 6 octets of
8-bit data in an actual transaction.
The following example demonstrates finding the first unseen message
in the mailbox:
The following example demonstrates that if the ESEARCH UID indicator
is present, all data in the ESEARCH response is referring to UIDs;
for example, the MIN result specifier will be followed by a UID.
The following example demonstrates returning the number of deleted
messages:
Upon successful completion of a SELECT or an EXAMINE command (after
the tagged OK response), the current search result variable is reset
to the empty sequence.
A successful SEARCH command with the SAVE result option sets the
value of the search result variable to the list of messages found in
the SEARCH command. For example, if no messages were found, the
search result variable will contain the empty sequence.
Any of the following SEARCH commands MUST NOT change the search
result variable:
a SEARCH command that caused the server to return the BAD tagged
response,
a SEARCH command with no SAVE result option that caused the
server to return NO tagged response,
a successful SEARCH command with no SAVE result option.
A SEARCH command with the SAVE result option that caused the server
to return the NO tagged response sets the value of the search result
variable to the empty sequence.
When a message listed in the search result variable is EXPUNGEd, it
is automatically removed from the list. Implementors are reminded
that if the server stores the list as a list of message numbers, it
MUST automatically adjust them when notifying the client about
expunged messages, as described in .
If the server decides to send a new UIDVALIDITY value while the
mailbox is opened, this causes resetting of the search variable to
the empty sequence.
Note that even if the "$" marker contains the empty sequence of messages,
it must be treated by all commands accepting message sets as
parameters as a valid, but non-matching list of messages. For
example, the "FETCH $" command would return a tagged OK response and
no FETCH responses. See also the Example 5 in .
The SAVE result option doesn't change whether the server would return
items corresponding to MIN, MAX, ALL, or COUNT result options.
When the SAVE result option is combined with the MIN or MAX
result option, and both ALL and COUNT result options are
absent, the corresponding MIN/MAX is returned (if the search result
is not empty), but the "$" marker would contain a single message as
returned in the MIN/MAX return item.
If the SAVE result option is combined with both MIN and MAX result
options, and both ALL and COUNT result options are absent,
the "$" marker would contain zero, one or two messages as returned in the
MIN/MAX return items.
If the SAVE result option is combined with the ALL and/or COUNT
result option(s), the "$" marker would always contain all messages
found by the SEARCH or UID SEARCH command.
The following table summarizes the additional requirement on ESEARCH
server implementations described in this section.
Combination of Result option"$" marker valueSAVE MINMINSAVE MAXMAXSAVE MIN MAXMIN & MAXSAVE * [m]all found messages
where '*' means "ALL" and/or "COUNT", and
'[m]' means optional "MIN" and/or "MAX"
Implementation note: server implementors should note that "$" can
reference IMAP message sequences or UID sequences, depending on the
context where it is used. For example, the "$" marker can be set as
a result of a SEARCH (SAVE) command and used as a parameter to a UID
FETCH command (which accepts a UID sequence, not a message sequence),
or the "$" marker can be set as a result of a UID SEARCH (SAVE)
command and used as a parameter to a FETCH command (which accepts a
message sequence, not a UID sequence). Server implementations need
to automatically map the "$" marker value to message numbers or UIDs,
depending on context where the "$" marker is used.
Use of a SEARCH RETURN (SAVE) command followed by a command using the
"$" marker creates direct dependency between the two commands. As
directed by , a server MUST execute the two
commands in the order they were received.
A client MAY pipeline a SEARCH RETURN (SAVE) command with one or more command
using the "$" marker, as long as this doesn't create an ambiguity,
as described in by . Examples 7-9 in
explain this in more details.
In some cases, the server MAY refuse to save a SEARCH (SAVE) result,
for example, if an internal limit on the number of saved results is
reached.
In this case, the server MUST return a tagged NO response containing
the NOTSAVED response code and set the search result variable to the
empty sequence, as described in .
Only in this section: explanatory comments in examples that start with // are not part of
the protocol.
1) The following example demonstrates how the client can use the
result of a SEARCH command to FETCH headers of interesting
messages:
The client can also pipeline the two commands:
2) The following example demonstrates that the result of one SEARCH
command can be used as input to another SEARCH command:
Note that the second command in Example 3 can be replaced with:
C: A301 UID SEARCH $ SMALLER 4096
and the result of the command would be the same.
3) The following example shows that the "$"
marker can be combined with other message numbers using the OR
SEARCH criterion.
Note: Since this document format is restricted to 7-bit ASCII text,
it is not possible to show actual UTF-8 data. The "YYYYYYYY" is a
placeholder for what would be 8 octets of 8-bit data in an actual
transaction.
4) The following example demonstrates that a failed SEARCH sets the
search result variable to the empty list. The server doesn't implement
the KOI8-R charset.
Note: Since this document format is restricted to 7-bit ASCII text,
it is not possible to show actual KOI8-R data. The "XXXX" is a
placeholder for what would be 4 octets of 8-bit data in an actual
transaction.
5) The following example demonstrates that it is not an error to use
the "$" marker when it contains no messages.
The following example demonstrates that the result of the second
SEARCH RETURN (SAVE) always overrides the result of the first.
The following example demonstrates behavioral difference for
different combinations of ESEARCH result options.
sequence set
message data item names or macrountagged responses: FETCHOK - fetch completed
NO - fetch error: can't fetch that data
BAD - command unknown or arguments invalid
The FETCH command retrieves data associated with a message in the
mailbox. The data items to be fetched can be either a single atom
or a parenthesized list.
Most data items, identified in the formal syntax under the
msg-att-static rule, are static and MUST NOT change for any
particular message. Other data items, identified in the formal
syntax under the msg-att-dynamic rule, MAY change, either as a
result of a STORE command or due to external events.
For example, if a client receives an ENVELOPE for a
message when it already knows the envelope, it can
safely ignore the newly transmitted envelope.
There are three macros which specify commonly-used sets of data
items, and can be used instead of data items. A macro must be
used by itself, and not in conjunction with other macros or data
items.
Macro equivalent to: (FLAGS INTERNALDATE RFC822.SIZE ENVELOPE)
Macro equivalent to: (FLAGS INTERNALDATE RFC822.SIZE)
Macro equivalent to: (FLAGS INTERNALDATE RFC822.SIZE ENVELOPE
BODY)Several data items reference "section" or "section-binary".
See for their detailed definition.
The currently defined data items that can be fetched are:
Requests that the specified section be transmitted after
performing Content-Transfer-Encoding-related decoding.
The <partial> argument, if present, requests that a subset of
the data be returned. The semantics of a partial FETCH BINARY
command are the same as for a partial FETCH BODY command, with
the exception that the <partial> arguments refer to the DECODED
section data.
Note that this data item can only be requested for leaf
(i.e. non multipart/*, non message/rfc822 and non message/global) body parts.
An alternate form of BINARY[<section-binary>] that does not implicitly
set the \Seen flag.
Requests the decoded size of the section (i.e., the size to
expect in response to the corresponding FETCH BINARY request).
Note: client authors are cautioned that this might be an
expensive operation for some server implementations.
Needlessly issuing this request could result in degraded
performance due to servers having to calculate the value every
time the request is issued.
Note that this data item can only be requested for leaf
(i.e. non multipart/*, non message/rfc822 and non message/global) body parts.
Non-extensible form of BODYSTRUCTURE.
The text of a particular body section.
It is possible to fetch a substring of the designated text.
This is done by appending an open angle bracket ("<"), the
octet position of the first desired octet, a period, the
maximum number of octets desired, and a close angle bracket
(">") to the part specifier. If the starting octet is beyond
the end of the text, an empty string is returned.
Any partial fetch that attempts to read beyond the end of the
text is truncated as appropriate. A partial fetch that starts
at octet 0 is returned as a partial fetch, even if this
truncation happened.
Note: This means that BODY[]<0.2048> of a 1500-octet message
will return BODY[]<0> with a literal of size 1500, not
BODY[].
Note: A substring fetch of a HEADER.FIELDS or
HEADER.FIELDS.NOT part specifier is calculated after
subsetting the header.
The \Seen flag is implicitly set; if this causes the flags to
change, they SHOULD be included as part of the FETCH responses.
An alternate form of BODY[<section>] that does not implicitly
set the \Seen flag.
The body structure of the message. This is computed
by the server by parsing the header fields in the
header and headers.
See for more details.
The envelope structure of the message. This is computed by the
server by parsing the header into the component
parts, defaulting various fields as necessary.
See for more details.
The flags that are set for this message.
The internal date of the message.
The size of the message.
The unique identifier for the message.Several FETCH data items reference "section" or "section-binary".
The section specification is a set of zero or more part specifiers
delimited by periods. A part specifier is either a part number
or one of the following: HEADER, HEADER.FIELDS,
HEADER.FIELDS.NOT, MIME, and TEXT. (Non numeric part specifiers
have to be the last specifier in a section specification.)
An empty section specification refers to the entire message, including the
header.
Every message has at least one part number. Non-
messages, and non-multipart messages with no
encapsulated message, only have a part 1.
Multipart messages are assigned consecutive part numbers, as
they occur in the message. If a particular part is of type
message or multipart, its parts MUST be indicated by a period
followed by the part number within that nested multipart part.
A part of type MESSAGE/RFC822 or MESSAGE/GLOBAL also has nested part numbers,
referring to parts of the MESSAGE part's body.
The HEADER, HEADER.FIELDS, HEADER.FIELDS.NOT, and TEXT part
specifiers can be the sole part specifier or can be prefixed by
one or more numeric part specifiers, provided that the numeric
part specifier refers to a part of type MESSAGE/RFC822 or MESSAGE/GLOBAL. The
MIME part specifier MUST be prefixed by one or more numeric
part specifiers.
The HEADER, HEADER.FIELDS, and HEADER.FIELDS.NOT part
specifiers refer to the header of the message or of
an encapsulated MESSAGE/RFC822 or MESSAGE/GLOBAL message.
HEADER.FIELDS and HEADER.FIELDS.NOT are followed by a list of
field-name (as defined in ) names, and return a
subset of the header. The subset returned by HEADER.FIELDS
contains only those header fields with a field-name that
matches one of the names in the list; similarly, the subset
returned by HEADER.FIELDS.NOT contains only the header fields
with a non-matching field-name. The field-matching is
ASCII range case-insensitive but otherwise exact. Subsetting does not
exclude the delimiting blank line between the header
and the body; the blank line is included in all header fetches,
except in the case of a message which has no body and no blank
line.
The MIME part specifier refers to the header for
this part.
The TEXT part specifier refers to the text body of the message,
omitting the header.
Here is an example of a complex message with some of its
part specifiers:
sequence set
message data item name
value for message data itemuntagged responses: FETCHOK - store completed
NO - store error: can't store that data
BAD - command unknown or arguments invalid
The STORE command alters data associated with a message in the
mailbox. Normally, STORE will return the updated value of the
data with an untagged FETCH response. A suffix of ".SILENT" in
the data item name prevents the untagged FETCH, and the server
SHOULD assume that the client has determined the updated value
itself or does not care about the updated value.
Note: Regardless of whether or not the ".SILENT" suffix
was used, the server SHOULD send an untagged FETCH
response if a change to a message's flags from an
external source is observed. The intent is that the
status of the flags is determinate without a race
condition.
The currently defined data items that can be stored are:
Replace the flags for the message with the
argument. The new value of the flags is returned as if a FETCH
of those flags was done.
Equivalent to FLAGS, but without returning a new value.
Add the argument to the flags for the message. The new value
of the flags is returned as if a FETCH of those flags was done.
Equivalent to +FLAGS, but without returning a new value.
Remove the argument from the flags for the message. The new
value of the flags is returned as if a FETCH of those flags was
done.
Equivalent to -FLAGS, but without returning a new value.sequence set
mailbox nameno specific responses for this commandOK - copy completed
NO - copy error: can't copy those messages or to that
name
BAD - command unknown or arguments invalid
The COPY command copies the specified message(s) to the end of the
specified destination mailbox. The flags and internal date of the
message(s) SHOULD be preserved in the copy.
If the destination mailbox does not exist, a server SHOULD return
an error. It SHOULD NOT automatically create the mailbox. Unless
it is certain that the destination mailbox can not be created, the
server MUST send the response code "[TRYCREATE]" as the prefix of
the text of the tagged NO response. This gives a hint to the
client that it can attempt a CREATE command and retry the COPY if
the CREATE is successful.
If the COPY command is unsuccessful for any reason, server
implementations MUST restore the destination mailbox to its state
before the COPY attempt.
On successful completion of a COPY, the server SHOULD return a COPYUID response code
(see ).
In the case of a mailbox that has permissions set so that the client
can COPY to the mailbox, but not SELECT or EXAMINE it, the
server SHOULD NOT send an COPYUID response code as it
would disclose information about the mailbox.
In the case of a mailbox that has UIDNOTSTICKY status
(see ),
the server MAY omit the COPYUID response code as
it is not meaningful.
If the server does not return the COPYUID response
code, the client can discover this information by selecting the
destination mailbox. The location of messages placed in the
destination mailbox by COPY can be determined by using
FETCH and/or SEARCH commands (e.g., for Message-ID).
sequence set
mailbox nameno specific responses for this commandOK - move completed
NO - move error: can't move those messages or to that
name
BAD - command unknown or arguments invalid
The MOVE command moves the specified message(s) to the end of the
specified destination mailbox. The flags and internal date of the
message(s) SHOULD be preserved.
This means that a new message is created in the target mailbox with a
new UID, the original message is removed from the source mailbox, and
it appears to the client as a single action. This has the same
effect for each message as this sequence:
[UID] COPY[UID] STORE +FLAGS.SILENT \DELETEDUID EXPUNGE
Although the effect of the MOVE is the same as the preceding steps,
the semantics are not identical: The intermediate states produced by
those steps do not occur, and the response codes are different. In
particular, though the COPY and EXPUNGE response codes will be
returned, response codes for a STORE MUST NOT be generated and the
\Deleted flag MUST NOT be set for any message.
Because a MOVE applies to a set of messages, it might fail partway
through the set. Regardless of whether the command is successful in
moving the entire set, each individual message SHOULD either be moved
or unaffected. The server MUST leave each message in a state where
it is in at least one of the source or target mailboxes (no message
can be lost or orphaned). The server SHOULD NOT leave any message in
both mailboxes (it would be bad for a partial failure to result in a
bunch of duplicate messages). This is true even if the server
returns a tagged NO response to the command.
Because of the similarity of MOVE to COPY, extensions that affect
COPY affect MOVE in the same way. Response codes such as TRYCREATE
(see ), as well as those defined by
extensions, are sent as appropriate.
Servers SHOULD send COPYUID in response to a UID MOVE (see ) command.
For additional information see .
Servers are also advised to send the COPYUID
response code in an untagged OK before sending EXPUNGE or moved
responses. (Sending COPYUID in the tagged OK, as described in the
UIDPLUS specification, means that clients first receive an EXPUNGE
for a message and afterwards COPYUID for the same message. It can be
unnecessarily difficult to process that sequence usefully.)
Note that the server may send unrelated EXPUNGE responses as well, if
any happen to have been expunged at the same time; this is normal
IMAP operation.
Note that moving a message to the currently selected mailbox (that
is, where the source and target mailboxes are the same) is allowed
when copying the message to the currently selected mailbox is
allowed.
The server may send EXPUNGE responses before the tagged
response, so the client cannot safely send more commands with message
sequence number arguments while the server is processing MOVE.
MOVE and UID MOVE can be pipelined with other commands, but care
has to be taken. Both commands modify sequence numbers and also
allow unrelated EXPUNGE responses. The renumbering of other messages
in the source mailbox following any EXPUNGE response can be
surprising and makes it unsafe to pipeline any command that relies on
message sequence numbers after a MOVE or UID MOVE. Similarly, MOVE
cannot be pipelined with a command that might cause message
renumbering. See , for more information about
ambiguities as well as handling requirements for both clients and
servers.
command name
command argumentsuntagged responses: FETCH, ESEARCH, EXPUNGEOK - UID command completed
NO - UID command error
BAD - command unknown or arguments invalid
The UID command has three forms. In the first form, it takes as its
arguments a COPY, MOVE, FETCH, or STORE command with arguments
appropriate for the associated command. However, the numbers in
the sequence set argument are unique identifiers instead of
message sequence numbers. Sequence set ranges are permitted, but
there is no guarantee that unique identifiers will be contiguous.
A non-existent unique identifier is ignored without any error
message generated. Thus, it is possible for a UID FETCH command
to return an OK without any data or a UID COPY, UID MOVE or UID STORE to
return an OK without performing any operations.
In the second form, the UID command takes an EXPUNGE command with
an extra parameter the specified a sequence set of UIDs to operate on.
The UID EXPUNGE command permanently removes all messages that both
have the \Deleted flag set and have a UID that is included in the
specified sequence set from the currently selected mailbox. If a
message either does not have the \Deleted flag set or has a UID
that is not included in the specified sequence set, it is not
affected.
UID EXPUNGE is particularly useful for disconnected use clients.
By using UID EXPUNGE instead of EXPUNGE when resynchronizing with
the server, the client can ensure that it does not inadvertantly
remove any messages that have been marked as \Deleted by other
clients between the time that the client was last connected and
the time the client resynchronizes.
In the third form, the UID command takes a SEARCH command with
SEARCH command arguments. The interpretation of the arguments is
the same as with SEARCH; however, the numbers returned in a ESEARCH
response for a UID SEARCH command are unique identifiers instead
of message sequence numbers. Also, the corresponding ESEARCH response MUST
include the UID indicator.
For example, the command UID SEARCH
1:100 UID 443:557 returns the unique identifiers corresponding to
the intersection of two sequence sets, the message sequence number
range 1:100 and the UID range 443:557.
Note: in the above example, the UID range 443:557
appears. The same comment about a non-existent unique
identifier being ignored without any error message also
applies here. Hence, even if neither UID 443 or 557
exist, this range is valid and would include an existing
UID 495.
Also note that a UID range of 559:* always includes the
UID of the last message in the mailbox, even if 559 is
higher than any assigned UID value. This is because the
contents of a range are independent of the order of the
range endpoints. Thus, any UID range with * as one of
the endpoints indicates at least one message (the
message with the highest numbered UID), unless the
mailbox is empty.
The number after the "*" in an untagged FETCH or EXPUNGE response is always a
message sequence number, not a unique identifier, even for a UID
command response. However, server implementations MUST implicitly
include the UID message data item as part of any FETCH response
caused by a UID command, regardless of whether a UID was specified
as a message data item to the FETCH.
Note: The rule about including the UID message data item as part
of a FETCH response primarily applies to the UID FETCH and UID
STORE commands, including a UID FETCH command that does not
include UID as a message data item. Although it is unlikely that
the other UID commands will cause an untagged FETCH, this rule
applies to these commands as well.
implementation definedimplementation definedOK - command completed
NO - failure
BAD - command unknown or arguments invalid
Any command prefixed with an X is an experimental command.
Commands which are not part of this specification, a standard or
standards-track revision of this specification, or an
IESG-approved experimental protocol, MUST use the X prefix.
Any added untagged responses issued by an experimental command
MUST also be prefixed with an X. Server implementations MUST NOT
send any such untagged responses, unless the client requested it
by issuing the associated experimental command.
Server responses are in three forms: status responses, server data,
and command continuation request. The information contained in a
server response, identified by "Contents:" in the response
descriptions below, is described by function, not by syntax. The
precise syntax of server responses is described in the Formal Syntax
section.
The client MUST be prepared to accept any response at all times.
Status responses can be tagged or untagged. Tagged status responses
indicate the completion result (OK, NO, or BAD status) of a client
command, and have a tag matching the command.
Some status responses, and all server data, are untagged. An
untagged response is indicated by the token "*" instead of a tag.
Untagged status responses indicate server greeting, or server status
that does not indicate the completion of a command (for example, an
impending system shutdown alert). For historical reasons, untagged
server data responses are also called "unsolicited data", although
strictly speaking, only unilateral server data is truly
"unsolicited".
Certain server data MUST be recorded by the client when it is
received; this is noted in the description of that data. Such data
conveys critical information which affects the interpretation of all
subsequent commands and responses (e.g., updates reflecting the
creation or destruction of messages).
Other server data SHOULD be recorded for later reference; if the
client does not need to record the data, or if recording the data has
no obvious purpose (e.g., a SEARCH response when no SEARCH command is
in progress), the data SHOULD be ignored.
An example of unilateral untagged server data occurs when the IMAP
connection is in the selected state. In the selected state, the
server checks the mailbox for new messages as part of command
execution. Normally, this is part of the execution of every command;
hence, a NOOP command suffices to check for new messages. If new
messages are found, the server sends untagged EXISTS
response reflecting the new size of the mailbox. Server
implementations that offer multiple simultaneous access to the same
mailbox SHOULD also send appropriate unilateral untagged FETCH and
EXPUNGE responses if another agent changes the state of any message
flags or expunges any messages.
Command continuation request responses use the token "+" instead of a
tag. These responses are sent by the server to indicate acceptance
of an incomplete client command and readiness for the remainder of
the command.
Status responses are OK, NO, BAD, PREAUTH and BYE. OK, NO, and BAD
can be tagged or untagged. PREAUTH and BYE are always untagged.
Status responses MAY include an OPTIONAL "response code". A response
code consists of data inside square brackets in the form of an atom,
possibly followed by a space and arguments. The response code
contains additional information or status codes for client software
beyond the OK/NO/BAD condition, and are defined when there is a
specific action that a client can take based upon the additional
information.
The currently defined response codes are:
The human-readable text contains a special alert that MUST be
presented to the user in a fashion that calls the user's
attention to the message.
The operation attempts to create something that already exists,
such as when the CREATE or RENAME directories attempt to create
a mailbox and there is already one of that name.
C: o356 RENAME this that
S: o356 NO [ALREADYEXISTS] Mailbox "that" already exists
Followed by the UIDVALIDITY of the destination mailbox and the UID
assigned to the appended message in the destination mailbox,
indicates that the message has been appended to the destination
mailbox with that UID.
If the server also supports the extension, and if
multiple messages were appended in the APPEND command, then the
second value is a UID set containing the UIDs assigned to the
appended messages, in the order they were transmitted in the
APPEND command. This UID set may not contain extraneous UIDs or
the symbol "*".
Note: the UID set form of the APPENDUID response code MUST NOT
be used if only a single message was appended. In particular,
a server MUST NOT send a range such as 123:123. This is
because a client that does not support expects
only a single UID and not a UID set.
UIDs are assigned in strictly ascending order in the mailbox
(refer to ); note that a range of 12:10 is exactly
equivalent to 10:12 and refers to the sequence 10,11,12.
This response code is returned in a tagged OK response to the
APPEND command.
Authentication failed for some reason on which the server is
unwilling to elaborate. Typically, this includes "unknown
user" and "bad password".
This is the same as not sending any response code, except that
when a client sees AUTHENTICATIONFAILED, it knows that the
problem wasn't, e.g., UNAVAILABLE, so there's no point in
trying the same login/password again later.
C: b LOGIN "fred" "foo"
S: b NO [AUTHENTICATIONFAILED] Authentication failed
Authentication succeeded in using the authentication identity,
but the server cannot or will not allow the authentication
identity to act as the requested authorization identity. This
is only applicable when the authentication and authorization
identities are different.
C: c1 AUTHENTICATE PLAIN
[...]
S: c1 NO [AUTHORIZATIONFAILED] No such authorization-ID
C: c2 AUTHENTICATE PLAIN
[...]
S: c2 NO [AUTHORIZATIONFAILED] Authenticator is not an admin
Optionally followed by a parenthesized list of charsets. A
SEARCH failed because the given charset is not supported by
this implementation. If the optional list of charsets is
given, this lists the charsets that are supported by this
implementation.
The operation violates some invariant of the server and can
never succeed.
C: l create "///////"
S: l NO [CANNOT] Adjacent slashes are not supported
Followed by a list of capabilities. This can appear in the
initial OK or PREAUTH response to transmit an initial
capabilities list. It can also appear in tagged responses to LOGIN
or AUTHENTICATE commands. This makes it unnecessary for a client to
send a separate CAPABILITY command if it recognizes this
response.
The server has detected a client bug. This can accompany all
of OK, NO, and BAD, depending on what the client bug is.
C: k1 select "/archive/projects/experiment-iv"
[...]
S: k1 OK [READ-ONLY] Done
C: k2 status "/archive/projects/experiment-iv" (messages)
[...]
S: k2 OK [CLIENTBUG] Done
The CLOSED response code has no parameters. A server return the CLOSED
response code when the currently selected mailbox is closed
implicitly using the SELECT/EXAMINE command on another mailbox. The
CLOSED response code serves as a boundary between responses for the
previously opened mailbox (which was closed) and the newly selected
mailbox; all responses before the CLOSED response code relate to the
mailbox that was closed, and all subsequent responses relate to the
newly opened mailbox.
There is no need to return the CLOSED response code on completion of
the CLOSE or the UNSELECT command (or similar), whose
purpose is to close the currently selected mailbox without opening a
new one.
The user should contact the system administrator or support
desk.
C: e login "fred" "foo"
S: e OK [CONTACTADMIN]
Followed by the UIDVALIDITY of the destination mailbox, a UID set
containing the UIDs of the message(s) in the source mailbox that
were copied to the destination mailbox and containing the UIDs
assigned to the copied message(s) in the destination mailbox,
indicates that the message(s) have been copied to the destination
mailbox with the stated UID(s).
The source UID set is in the order the message(s) were copied; the
destination UID set corresponds to the source UID set and is in
the same order. Neither of the UID sets may contain extraneous
UIDs or the symbol "*".
UIDs are assigned in strictly ascending order in the mailbox
(refer to ); note that a range of 12:10 is exactly
equivalent to 10:12 and refers to the sequence 10,11,12.
This response code is returned in a tagged OK response to the COPY
command.
The server discovered that some relevant data (e.g., the
mailbox) are corrupt. This response code does not include any
information about what's corrupt, but the server can write that
to its logfiles.
C: i select "/archive/projects/experiment-iv"
S: i NO [CORRUPTION] Cannot open mailbox
Either authentication succeeded or the server no longer had the
necessary data; either way, access is no longer permitted using
that passphrase. The client or user should get a new
passphrase.
C: d login "fred" "foo"
S: d NO [EXPIRED] That password isn't valid any more
Someone else has issued an EXPUNGE for the same mailbox. The
client may want to issue NOOP soon. discusses this
subject in depth.
C: h search from fred@example.com
S: * ESEARCH (TAG "h") ALL 1:3,5,8,13,21,42
S: h OK [EXPUNGEISSUED] Search completed
The mailbox delete operation failed because the mailbox
has one or more children and the server doesn't allow
deletion of mailboxes with children.
C: m356 DELETE Notes
S: o356 NO [HASCHILDREN] Mailbox "Notes" has children
that need to be deleted first
An operation has not been carried out because it involves
sawing off a branch someone else is sitting on. Someone else
may be holding an exclusive lock needed for this operation, or
the operation may involve deleting a resource someone else is
using, typically a mailbox.
The operation may succeed if the client tries again later.
C: g delete "/archive/projects/experiment-iv"
S: g NO [INUSE] Mailbox in use
The operation ran up against an implementation limit of some
kind, such as the number of flags on a single message or the
number of flags used in a mailbox.
C: m STORE 42 FLAGS f1 f2 f3 f4 f5 ... f250
S: m NO [LIMIT] At most 32 flags in one mailbox supported
The operation attempts to delete something that does not exist.
Similar to ALREADYEXISTS.
C: p RENAME this that
S: p NO [NONEXISTENT] No such mailbox
The access control system (e.g., Access Control List (ACL), see
does not permit this user to carry out an operation,
such as selecting or creating a mailbox.
C: f select "/archive/projects/experiment-iv"
S: f NO [NOPERM] Access denied
The user would be over quota after the operation. (The user
may or may not be over quota already.)
Note that if the server sends OVERQUOTA but doesn't support the
IMAP QUOTA extension defined by , then there is a
quota, but the client cannot find out what the quota is.
C: n1 uid copy 1:* oldmail
S: n1 NO [OVERQUOTA] Sorry
C: n2 uid copy 1:* oldmail
S: n2 OK [OVERQUOTA] You are now over your soft quota
The human-readable text represents an error in parsing the
header or headers of a message in the
mailbox.
Followed by a parenthesized list of flags, indicates which of
the known flags the client can change permanently. Any flags
that are in the FLAGS untagged response, but not the
PERMANENTFLAGS list, can not be set permanently.
The PERMANENTFLAGS list can also include the special flag \*,
which indicates that it is possible to create new keywords by
attempting to store those keywords in the mailbox.
If the client attempts to STORE a flag that is not in the PERMANENTFLAGS
list, the server will either ignore the change or store the
state change for the remainder of the current session only.
There is no need for a server that included the special flag \*
to return a new PERMANENTFLAGS response code when a new keyword
was successfully set on a message upon client request.
However if the server has a limit on the number of different keywords
that can be stored in a mailbox and that limit is reached,
the server MUST send a new PERMANENTFLAGS response code
without the special flag \*.
The operation is not permitted due to a lack of privacy. If
Transport Layer Security (TLS) is not in use, the client could
try STARTTLS (see ) and then repeat
the operation.
C: d login "fred" "foo"
S: d NO [PRIVACYREQUIRED] Connection offers no privacy
C: d select inbox
S: d NO [PRIVACYREQUIRED] Connection offers no privacy
The mailbox is selected read-only, or its access while selected
has changed from read-write to read-only.
The mailbox is selected read-write, or its access while
selected has changed from read-only to read-write.
The server encountered a bug in itself or violated one of its
own invariants.
C: j select "/archive/projects/experiment-iv"
S: j NO [SERVERBUG] This should not happen
An APPEND or COPY attempt is failing because the target mailbox
does not exist (as opposed to some other reason). This is a
hint to the client that the operation can succeed if the
mailbox is first created by the CREATE command.
Followed by a decimal number, indicates the next unique
identifier value. Refer to for more
information.
The selected mailbox is supported by a mail store that does not
support persistent UIDs; that is, UIDVALIDITY will be different
each time the mailbox is selected. Consequently, APPEND or COPY
to this mailbox will not return an APPENDUID or COPYUID response
code.This response code is returned in an untagged NO response to the
SELECT command.
Note: servers SHOULD NOT have any UIDNOTSTICKY mail stores.
This facility exists to support legacy mail stores in which it
is technically infeasible to support persistent UIDs. This
should be avoided when designing new mail stores.
Followed by a decimal number, indicates the unique identifier
validity value. Refer to for more information.
Temporary failure because a subsystem is down. For example, an
IMAP server that uses a Lightweight Directory Access Protocol
(LDAP) or Radius server for authentication might use this
response code when the LDAP/Radius server is down.
C: a LOGIN "fred" "foo"
S: a NO [UNAVAILABLE] User's backend down for maintenance
The server does not know how to decode the section's Content-Transfer-Encoding.
Client implementations MUST ignore response codes that they do not recognize.
OPTIONAL response code
human-readable text
The OK response indicates an information message from the server.
When tagged, it indicates successful completion of the associated
command. The human-readable text MAY be presented to the user as
an information message. The untagged form indicates an
information-only message; the nature of the information MAY be
indicated by a response code.
The untagged form is also used as one of three possible greetings
at connection startup. It indicates that the connection is not
yet authenticated and that a LOGIN or an AUTHENTICATE command is needed.
OPTIONAL response code
human-readable text
The NO response indicates an operational error message from the
server. When tagged, it indicates unsuccessful completion of the
associated command. The untagged form indicates a warning; the
command can still complete successfully. The human-readable text
describes the condition.
OPTIONAL response code
human-readable text
The BAD response indicates an error message from the server. When
tagged, it reports a protocol-level error in the client's command;
the tag indicates the command that caused the error. The untagged
form indicates a protocol-level error for which the associated
command can not be determined; it can also indicate an internal
server failure. The human-readable text describes the condition.
OPTIONAL response code
human-readable text
The PREAUTH response is always untagged, and is one of three
possible greetings at connection startup. It indicates that the
connection has already been authenticated by external means; thus
no LOGIN/AUTHENTICATE command is needed.
OPTIONAL response code
human-readable text
The BYE response is always untagged, and indicates that the server
is about to close the connection. The human-readable text MAY be
displayed to the user in a status report by the client. The BYE
response is sent under one of four conditions:
as part of a normal logout sequence. The server will close
the connection after sending the tagged OK response to the
LOGOUT command.
as a panic shutdown announcement. The server closes the
connection immediately.
as an announcement of an inactivity autologout. The server
closes the connection immediately.
as one of three possible greetings at connection startup,
indicating that the server is not willing to accept a
connection from this client. The server closes the
connection immediately.
The difference between a BYE that occurs as part of a normal
LOGOUT sequence (the first case) and a BYE that occurs because of
a failure (the other three cases) is that the connection closes
immediately in the failure case. In all cases the client SHOULD
continue to read response data from the server until the
connection is closed; this will ensure that any pending untagged
or completion responses are read and processed.
These responses are always untagged. This is how server and mailbox
status data are transmitted from the server to the client. Many of
these responses typically result from a command with the same name.
capability listing
The ENABLED response occurs as a result of an ENABLE command. The
capability listing contains a space-separated listing of capability
names that the server supports and that were successfully enabled.
The ENABLED response may contain no capabilities, which means that no
extensions listed by the client were successfully enabled.
capability listing
The CAPABILITY response occurs as a result of a CAPABILITY
command. The capability listing contains a space-separated
listing of capability names that the server supports. The
capability listing MUST include the atom "IMAP4rev2".
In addition, client and server implementations MUST implement the
STARTTLS, LOGINDISABLED, and AUTH=PLAIN (described in )
capabilities. See the Security Considerations section for
important information.
A capability name which begins with "AUTH=" indicates that the
server supports that particular authentication mechanism.
The LOGINDISABLED capability indicates that the LOGIN command is
disabled, and that the server will respond with a tagged NO
response to any attempt to use the LOGIN command even if the user
name and password are valid. An IMAP client MUST NOT issue the
LOGIN command if the server advertises the LOGINDISABLED
capability.
Other capability names indicate that the server supports an
extension, revision, or amendment to the IMAP4rev2 protocol.
Server responses MUST conform to this document until the client
issues a command that uses the associated capability.
Capability names MUST either begin with "X" or be informational, experimental or
standards-track IMAP4rev2 extensions, revisions, or amendments
registered with IANA. A server SHOULD NOT offer unregistered or
non-standard capability names, unless such names are prefixed with
an "X".
Client implementations SHOULD NOT require any capability name
other than "IMAP4rev2", and MUST ignore any unknown capability
names.
A server MAY send capabilities automatically, by using the
CAPABILITY response code in the initial PREAUTH or OK responses,
and by sending an updated CAPABILITY response code in the tagged
OK response as part of a successful authentication. It is
unnecessary for a client to send a separate CAPABILITY command if
it recognizes these automatic capabilities.
name attributes
hierarchy delimiter
name
OPTIONAL extension data
The LIST response occurs as a result of a LIST command. It
returns a single name that matches the LIST specification. There
can be multiple LIST responses for a single LIST command.
The following base mailbox name attributes are defined:
The "\NonExistent" attribute indicates that a mailbox name does not
refer to an existing mailbox. Note that this attribute is not
meaningful by itself, as mailbox names that match the canonical LIST
pattern but don't exist must not be returned unless one of the two
conditions listed below is also satisfied:
The mailbox name also satisfies the selection criteria (for
example, it is subscribed and the "SUBSCRIBED" selection option
has been specified)."RECURSIVEMATCH" has been specified, and the mailbox name has at
least one descendant mailbox name that does not match the LIST
pattern and does match the selection criteria.
In practice, this means that the "\NonExistent" attribute is usually
returned with one or more of "\Subscribed", "\Remote",
"\HasChildren", or the CHILDINFO extended data item.
The "\NonExistent" attribute implies "\NoSelect".
It is not possible for any child levels of hierarchy to exist
under this name; no child levels exist now and none can be
created in the future.
It is not possible to use this name as a selectable mailbox.
The presence of this attribute indicates that the mailbox has child
mailboxes. A server SHOULD NOT set this attribute if there are
child mailboxes and the user does not have permission to access
any of them. In this case, \HasNoChildren SHOULD be used. In
many cases, however, a server may not be able to efficiently
compute whether a user has access to any child mailbox. Note
that even though the \HasChildren attribute for a mailbox must
be correct at the time of processing of the mailbox, a client
must be prepared to deal with a situation when a mailbox is
marked with the \HasChildren attribute, but no child mailbox
appears in the response to the LIST command. This might happen,
for example, due to children mailboxes being deleted or made
inaccessible to the user (using access control) by another
client before the server is able to list them.
The presence of this attribute indicates that the mailbox has NO
child mailboxes that are accessible to the currently
authenticated user.
The mailbox has been marked "interesting" by the server; the
mailbox probably contains messages that have been added since
the last time the mailbox was selected.
The mailbox does not contain any additional messages since the
last time the mailbox was selected.
The mailbox name was subscribed to using the SUBSCRIBE command.
The mailbox is a remote mailbox.
It is an error for the server to return both a \HasChildren and a
\HasNoChildren attribute in the same LIST response. A client that
encounters a LIST response with both \HasChildren and \HasNoChildren
attributes present should act as if both are absent in the LIST response.
Note: the \HasNoChildren attribute should not be confused with the
\NoInferiors attribute, which indicates that no
child mailboxes exist now and none can be created in the future.
If it is not feasible for the server to determine whether or not
the mailbox is "interesting", the server SHOULD NOT send either
\Marked or \Unmarked. The server MUST NOT send more than one of
\Marked, \Unmarked, and \Noselect for a single mailbox, and MAY
send none of these.
In addition to the base mailbox name attributes defined above,
an IMAP server MAY also include any or all of
the following attributes that denote "role" (or "special-use") of a mailbox.
These attributes are included along with base
attributes defined above. A given mailbox may
have none, one, or more than one of these attributes. In some cases,
a special use is advice to a client about what to put in that
mailbox. In other cases, it's advice to a client about what to
expect to find there.
This mailbox presents all messages in the user's message store.
Implementations MAY omit some messages, such as, perhaps, those
in \Trash and \Junk. When this special use is supported, it is
almost certain to represent a virtual mailbox.
This mailbox is used to archive messages. The meaning of an
"archival" mailbox is server-dependent; typically, it will be
used to get messages out of the inbox, or otherwise keep them
out of the user's way, while still making them accessible.
This mailbox is used to hold draft messages -- typically,
messages that are being composed but have not yet been sent. In
some server implementations, this might be a virtual mailbox,
containing messages from other mailboxes that are marked with
the "\Draft" message flag. Alternatively, this might just be
advice that a client put drafts here.
This mailbox presents all messages marked in some way as
"important". When this special use is supported, it is likely
to represent a virtual mailbox collecting messages (from other
mailboxes) that are marked with the "\Flagged" message flag.
This mailbox is where messages deemed to be junk mail are held.
Some server implementations might put messages here
automatically. Alternatively, this might just be advice to a
client-side spam filter.
This mailbox is used to hold copies of messages that have been
sent. Some server implementations might put messages here
automatically. Alternatively, this might just be advice that a
client save sent messages here.
This mailbox is used to hold messages that have been deleted or
marked for deletion. In some server implementations, this might
be a virtual mailbox, containing messages from other mailboxes
that are marked with the "\Deleted" message flag.
Alternatively, this might just be advice that a client that
chooses not to use the IMAP "\Deleted" model should use this as
its trash location. In server implementations that strictly
expect the IMAP "\Deleted" model, this special use is likely not
to be supported.
All of special-use attributes are OPTIONAL, and any given server or
message store may support any combination of the attributes, or none
at all. In most cases, there will likely be at most one mailbox with
a given attribute for a given user, but in some server or message
store implementations it might be possible for multiple mailboxes to
have the same special-use attribute.
Special-use attributes are likely to be user-specific. User Adam
might share his \Sent mailbox with user Barb, but that mailbox is
unlikely to also serve as Barb's \Sent mailbox.
Other mailbox name attributes can be found in the "IMAP Mailbox Name Attributes"
registry .
The hierarchy delimiter is a character used to delimit levels of
hierarchy in a mailbox name. A client can use it to create child
mailboxes, and to search higher or lower levels of naming
hierarchy. All children of a top-level hierarchy node MUST use
the same separator character. A NIL hierarchy delimiter means
that no hierarchy exists; the name is a "flat" name.
The name represents an unambiguous left-to-right hierarchy, and
MUST be valid for use as a reference in LIST command.
Unless \Noselect or \NonExistent is indicated, the name MUST also be valid as an
argument for commands, such as SELECT, that accept mailbox names.
The name might be followed by an OPTIONAL series of extended fields,
a parenthesized list of tagged data (also referred to as "extended data item").
The first element of an extended field is a string, which identifies the type of
data. specified requirements on string registration
(which are called "tags" there; such tags are not to be confused with IMAP command tags),
in particular it said that "Tags MUST be registered with IANA". This document doesn't
change that. See Section 9.5 of for the registration template.
The server MAY return data in the extended fields that was not directly solicited by the
client in the corresponding LIST command. For example, the client
can enable extra extended fields by using another IMAP extension that
make use of the extended LIST responses. The client MUST ignore all
extended fields it doesn't recognize.
the prefix and hierarchy delimiter to the server's Personal
Namespace(s), Other Users' Namespace(s), and Shared
Namespace(s)
The NAMESPACE response occurs as a result of a NAMESPACE command.
It contains the prefix and hierarchy delimiter to the server's
Personal Namespace(s), Other Users' Namespace(s), and Shared
Namespace(s) that the server wishes to expose. The
response will contain a NIL for any namespace class
that is not available. Namespace-Response-Extensions ABNF non terminal
is defined for extensibility and MAY be included in the response.
name
status parenthesized list
The STATUS response occurs as a result of an STATUS command. It
returns the mailbox name that matches the STATUS specification and
the requested mailbox status information.
one or more search-return-data pairs
The ESEARCH response occurs as a result of a SEARCH or UID SEARCH
command.
The ESEARCH response starts with an optional search correlator. If
it is missing, then the response was not caused by a particular IMAP
command, whereas if it is present, it contains the tag of the command
that caused the response to be returned.
The search correlator is followed by an optional UID indicator. If
this indicator is present, all data in the ESEARCH response refers to
UIDs, otherwise all returned data refers to message numbers.
The rest of the ESEARCH response contains one or more search data
pairs. Each pair starts with unique return item name, followed by a
space and the corresponding data. Search data pairs may be returned
in any order. Unless specified otherwise by an extension, any return
item name SHOULD appear only once in an ESEARCH response.
[[TBD: describe the most common search data pairs returned.]]flag parenthesized list
The FLAGS response occurs as a result of a SELECT or EXAMINE
command. The flag parenthesized list identifies the flags (at a
minimum, the system-defined flags) that are applicable for this
mailbox. Flags other than the system flags can also exist,
depending on server implementation.
The update from the FLAGS response MUST be recorded by the client.
These responses are always untagged. This is how changes in the size
of the mailbox are transmitted from the server to the client.
Immediately following the "*" token is a number that represents a
message count.
none
The EXISTS response reports the number of messages in the mailbox.
This response occurs as a result of a SELECT or EXAMINE command,
and if the size of the mailbox changes (e.g., new messages).
The update from the EXISTS response MUST be recorded by the
client.
These responses are always untagged. This is how message data are
transmitted from the server to the client, often as a result of a
command with the same name. Immediately following the "*" token is a
number that represents a message sequence number.
none
The EXPUNGE response reports that the specified message sequence
number has been permanently removed from the mailbox. The message
sequence number for each successive message in the mailbox is
immediately decremented by 1, and this decrement is reflected in
message sequence numbers in subsequent responses (including other
untagged EXPUNGE responses).
The EXPUNGE response also decrements the number of messages in the
mailbox; it is not necessary to send an EXISTS response with the
new value.
As a result of the immediate decrement rule, message sequence
numbers that appear in a set of successive EXPUNGE responses
depend upon whether the messages are removed starting from lower
numbers to higher numbers, or from higher numbers to lower
numbers. For example, if the last 5 messages in a 9-message
mailbox are expunged, a "lower to higher" server will send five
untagged EXPUNGE responses for message sequence number 5, whereas
a "higher to lower server" will send successive untagged EXPUNGE
responses for message sequence numbers 9, 8, 7, 6, and 5.
An EXPUNGE response MUST NOT be sent when no command is in
progress, nor while responding to a FETCH, STORE, or SEARCH
command. This rule is necessary to prevent a loss of
synchronization of message sequence numbers between client and
server. A command is not "in progress" until the complete command
has been received; in particular, a command is not "in progress"
during the negotiation of command continuation.
Note: UID FETCH, UID STORE, and UID SEARCH are different
commands from FETCH, STORE, and SEARCH. An EXPUNGE
response MAY be sent during a UID command.
The update from the EXPUNGE response MUST be recorded by the
client.
message data
The FETCH response returns data about a message to the client.
The data are pairs of data item names and their values in
parentheses. This response occurs as the result of a FETCH or
STORE command, as well as by unilateral server decision (e.g.,
flag updates).
The current data items are:
An <nstring> or <literal8> expressing the content of the
specified section after removing any Content-Transfer-Encoding-related encoding. If
<number> is present it refers to the offset within the DECODED
section data.
If the domain of the decoded data is "8bit" and the data does
not contain the NUL octet, the server SHOULD return the data in
a <string> instead of a <literal8>; this allows the client to
determine if the "8bit" data contains the NUL octet without
having to explicitly scan the data stream for for NULs.
Messaging clients and servers have been notoriously lax in their
adherence to the Internet CRLF convention for terminating lines of
textual data (text/* media types) in Internet protocols.
When sending data in BINARY[...] FETCH data item,
servers MUST ensure that textual line-oriented
sections are always transmitted using the IMAP4 CRLF line termination
syntax, regardless of the underlying storage representation of the
data on the server.
If the server does not know how to decode the section's Content-Transfer-Encoding,
it MUST fail the request and issue a "NO" response that contains
the "UNKNOWN-CTE" response code.
The size of the section after removing any Content-Transfer-Encoding-related
encoding. The value returned MUST match the size of the
<nstring> or <literal8> that will be returned by the
corresponding FETCH BINARY request.
If the server does not know how to decode the section's Content-Transfer-Encoding,
it MUST fail the request and issue a "NO" response that contains
the "UNKNOWN-CTE" response code.
A form of BODYSTRUCTURE without extension data.
A string expressing the body contents of the specified section.
The string SHOULD be interpreted by the client according to the
content transfer encoding, body type, and subtype.
If the origin octet is specified, this string is a substring of
the entire body contents, starting at that origin octet. This
means that BODY[]<0> MAY be truncated, but BODY[] is NEVER
truncated.
Note: The origin octet facility MUST NOT be used by a server
in a FETCH response unless the client specifically requested
it by means of a FETCH of a BODY[<section>]<<partial>> data
item.
8-bit textual data is permitted if a identifier is
part of the body parameter parenthesized list for this section.
Note that headers (part specifiers HEADER or MIME, or the
header portion of a MESSAGE/RFC822 or MESSAGE/GLOBAL part), MAY be in UTF-8. Note also that the
delimiting blank line between the header and the
body is not affected by header line subsetting; the blank line
is always included as part of header data, except in the case
of a message which has no body and no blank line.
Non-textual data such as binary data MUST be transfer encoded
into a textual form, such as BASE64, prior to being sent to the
client. To derive the original binary data, the client MUST
decode the transfer encoded string.
A parenthesized list that describes the body
structure of a message. This is computed by the server by
parsing the header fields, defaulting various fields
as necessary.
For example, a simple text message of 48 lines and 2279 octets
can have a body structure of: ("TEXT" "PLAIN" ("CHARSET"
"US-ASCII") NIL NIL "7BIT" 2279 48)
Multiple parts are indicated by parenthesis nesting. Instead
of a body type as the first element of the parenthesized list,
there is a sequence of one or more nested body structures. The
second element of the parenthesized list is the multipart
subtype (mixed, digest, parallel, alternative, etc.).
For example, a two part message consisting of a text and a
BASE64-encoded text attachment can have a body structure of:
(("TEXT" "PLAIN" ("CHARSET" "US-ASCII") NIL NIL "7BIT" 1152
23)("TEXT" "PLAIN" ("CHARSET" "US-ASCII" "NAME" "cc.diff")
"<960723163407.20117h@cac.washington.edu>" "Compiler diff"
"BASE64" 4554 73) "MIXED")
Extension data follows the multipart subtype. Extension data
is never returned with the BODY fetch, but can be returned with
a BODYSTRUCTURE fetch. Extension data, if present, MUST be in
the defined order. The extension data of a multipart body part
are in the following order:
A parenthesized list of attribute/value pairs [e.g., ("foo"
"bar" "baz" "rag") where "bar" is the value of "foo", and
"rag" is the value of "baz"] as defined in .
Servers SHOULD decode parameter value continuations and
parameter value character sets as described in ,
for example, if the message contains parameters "baz*0", "baz*1" and "baz*2",
the server should RFC2231-decode them, concatenate and return the resulting value
as a parameter "baz".
Similarly, if the message contains parameters "foo*0*" and "foo*1*", the server
should RFC2231-decode them, convert to UTF-8, concatenate and return
the resulting value as a parameter "foo*".
A parenthesized list, consisting of a disposition type
string, followed by a parenthesized list of disposition
attribute/value pairs as defined in .
Servers SHOULD decode parameter value continuations as described in .
A string or parenthesized list giving the body language
value as defined in .
A string giving the body content URI as defined in
.
Any following extension data are not yet defined in this
version of the protocol. Such extension data can consist of
zero or more NILs, strings, numbers, or potentially nested
parenthesized lists of such data. Client implementations that
do a BODYSTRUCTURE fetch MUST be prepared to accept such
extension data. Server implementations MUST NOT send such
extension data until it has been defined by a revision of this
protocol.
The basic fields of a non-multipart body part are in the
following order:
A string giving the content media type name as defined in
.
A string giving the content subtype name as defined in
.
A parenthesized list of attribute/value pairs [e.g., ("foo"
"bar" "baz" "rag") where "bar" is the value of "foo" and
"rag" is the value of "baz"] as defined in .
A string giving the Content-ID header field value as defined in
Section 7 of .
A string giving the Content-Description header field value as defined in
Section 8 of .
A string giving the content transfer encoding as defined in
Section 6 of .
A number giving the size of the body in octets. Note that
this size is the size in its transfer encoding and not the
resulting size after any decoding.
A body type of type MESSAGE and subtype RFC822 contains,
immediately after the basic fields, the envelope structure,
body structure, and size in text lines of the encapsulated
message.
A body type of type TEXT contains, immediately after the basic
fields, the size of the body in text lines. Note that this
size is the size in its content transfer encoding and not the
resulting size after any decoding.
Extension data follows the basic fields and the type-specific
fields listed above. Extension data is never returned with the
BODY fetch, but can be returned with a BODYSTRUCTURE fetch.
Extension data, if present, MUST be in the defined order.
The extension data of a non-multipart body part are in the
following order:
A string giving the body MD5 value as defined in .
A parenthesized list with the same content and function as
the body disposition for a multipart body part.
A string or parenthesized list giving the body language
value as defined in .
A string giving the body content URI as defined in
.
Any following extension data are not yet defined in this
version of the protocol, and would be as described above under
multipart extension data.
A parenthesized list that describes the envelope structure of a
message. This is computed by the server by parsing the
header into the component parts, defaulting various
fields as necessary.
The fields of the envelope structure are in the following
order: date, subject, from, sender, reply-to, to, cc, bcc,
in-reply-to, and message-id. The date, subject, in-reply-to,
and message-id fields are strings. The from, sender, reply-to,
to, cc, and bcc fields are parenthesized lists of address
structures.
An address structure is a parenthesized list that describes an
electronic mail address. The fields of an address structure
are in the following order: personal name,
at-domain-list (source route, obs-route), mailbox name, and host name.
group syntax is indicated by a special form of
address structure in which the host name field is NIL. If the
mailbox name field is also NIL, this is an end of group marker
(semi-colon in RFC 822 syntax). If the mailbox name field is
non-NIL, this is a start of group marker, and the mailbox name
field holds the group name phrase.
If the Date, Subject, In-Reply-To, and Message-ID header lines
are absent in the header, the corresponding member
of the envelope is NIL; if these header lines are present but
empty the corresponding member of the envelope is the empty
string.
Note: some servers may return a NIL envelope member in the
"present but empty" case. Clients SHOULD treat NIL and
empty string as identical.
Note: requires that all messages have a valid
Date header. Therefore, for a well-formed message the date member in the envelope can
not be NIL or the empty string. However it can be NIL
for a malformed or a draft message.
Note: requires that the In-Reply-To and
Message-ID headers, if present, have non-empty content.
Therefore, for a well-formed message the in-reply-to and message-id members in the
envelope can not be the empty string. However they can still be
the empty string for a malformed message.
If the From, To, Cc, and Bcc header lines are absent in the
header, or are present but empty, the corresponding
member of the envelope is NIL.
If the Sender or Reply-To lines are absent in the
header, or are present but empty, the server sets the
corresponding member of the envelope to be the same value as
the from member (the client is not expected to know to do
this).
Note: requires that all messages have a valid
From header. Therefore, for a well-formed message the from, sender, and reply-to
members in the envelope can not be NIL. However they can be NIL
for a malformed or a draft message.
A parenthesized list of flags that are set for this message.
A string representing the internal date of the message.
A number expressing the size of the message.
A number expressing the unique identifier of the message.
If the server chooses to send unsolicited FETCH responses, they MUST include UID FETCH item.
Note that this is a new requirement when compared to RFC 3501.
The command continuation request response is indicated by a "+" token
instead of a tag. This form of response indicates that the server is
ready to accept the continuation of a command from the client. The
remainder of this response is a line of text.
This response is used in the AUTHENTICATE command to transmit server
data to the client, and request additional client data. This
response is also used if an argument to any command is a synchronizing literal.
The client is not permitted to send the octets of the synchronizing literal unless
the server indicates that it is expected. This permits the server to
process commands and reject errors on a line-by-line basis. The
remainder of the command, including the CRLF that terminates a
command, follows the octets of the literal. If there are any
additional command arguments, the literal octets are followed by a
space and those arguments.
The following is a transcript of an IMAP4rev2 connection. A long
line in this sample is broken for editorial clarity.
The following syntax specification uses the Augmented Backus-Naur
Form (ABNF) notation as specified in .
In the case of alternative or optional rules in which a later rule
overlaps an earlier rule, the rule which is listed earlier MUST take
priority. For example, "\Seen" when parsed as a flag is the \Seen
flag name and not a flag-extension, even though "\Seen" can be parsed
as a flag-extension. Some, but not all, instances of this rule are
noted below.
Note: rules MUST be followed strictly; in
particular:
(1) Except as noted otherwise, all alphabetic characters
are case-insensitive. The use of upper or lower case
characters to define token strings is for editorial clarity
only. Implementations MUST accept these strings in a
case-insensitive fashion.
(2) In all cases, SP refers to exactly one space. It is
NOT permitted to substitute TAB, insert additional spaces,
or otherwise treat SP as being equivalent to LWSP.
(3) The ASCII NUL character, %x00, MUST NOT be used at any
time.
This document is a revision or rewrite of earlier documents, and
supercedes the protocol specification in those documents: RFC 3501, RFC 2060,
RFC 1730, unpublished IMAP2bis.TXT document, RFC 1176, and RFC 1064.
IMAP4rev2 protocol transactions, including electronic mail data, are
sent in the clear over the network unless protection from snooping is
negotiated. This can be accomplished either by the use of IMAPS service,
STARTTLS command,
negotiated privacy protection in the AUTHENTICATE command, or some
other protection mechanism.
IMAP client and server implementations MUST comply with relevant TLS recommendations from .
Additionally, when using TLS 1.2, IMAP implementations MUST implement
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite, and SHOULD implement
the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite. This is
important as it assures that any two compliant implementations can be
configured to interoperate.
Other TLS cipher suites recommended in RFC 7525 are RECOMMENDED:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
All other cipher suites are OPTIONAL.
Note that this is a change from section 2.1 of .
During the negotiation, the client MUST check its understanding
of the server hostname against the server's identity as presented in
the server Certificate message, in order to prevent man-in-the-middle
attacks. This procedure is described in .
Both the client and server MUST check the result of the STARTTLS
command and subsequent negotiation to see whether acceptable
authentication and/or privacy was achieved.
The COPYUID and APPENDUID response codes return information about the
mailbox, which may be considered sensitive if the mailbox has
permissions set that permit the client to COPY or APPEND to the
mailbox, but not SELECT or EXAMINE it.
Consequently, these response codes SHOULD NOT be issued if the client
does not have access to SELECT or EXAMINE the mailbox.
In response to a LIST command containing an argument of the Other
Users' Namespace prefix, a server SHOULD NOT list users that have not
granted list access to their personal mailboxes to the currently
authenticated user. Providing such a list, could compromise security
by potentially disclosing confidential information of who is located
on the server, or providing a starting point of a list of user
accounts to attack.
A server error message for an AUTHENTICATE command which fails due to
invalid credentials SHOULD NOT detail why the credentials are
invalid.
Use of the LOGIN command sends passwords in the clear. This can be
avoided by using the AUTHENTICATE command with a mechanism
that does not use plaintext passwords, by first negotiating
encryption via STARTTLS or some other protection mechanism.
A server implementation MUST implement a configuration that, at the
time of authentication, requires:
(1) The STARTTLS command has been negotiated.
OR
(2) Some other mechanism that protects the session from password
snooping has been provided.
OR
(3) The following measures are in place:
(a) The LOGINDISABLED capability is advertised, and
mechanisms (such as PLAIN) using plaintext passwords are NOT
advertised in the CAPABILITY list.
AND
(b) The LOGIN command returns an error even if the password is
correct.
AND
(c) The AUTHENTICATE command returns an error with all
mechanisms that use plaintext passwords, even if the password
is correct.
A server error message for a failing LOGIN command SHOULD NOT specify
that the user name, as opposed to the password, is invalid.
A server SHOULD have mechanisms in place to limit or delay failed
AUTHENTICATE/LOGIN attempts.
Additional security considerations are discussed in the section
discussing the AUTHENTICATE (see )
and LOGIN (see ) commands.
IANA is requested to update "Service Names and Transport Protocol Port Numbers" registry as follows:
Registration for TCP port 143 and the corresponding "imap" service name should be updated to point to this document and RFC 3501.Registration for TCP port 993 and the corresponding "imaps" service name should be updated to point to this document, RFC 8314 and RFC 3501.Both UDP port 143 and UDP port 993 should be marked as "Reserved" in the registry.Additional IANA actions are specified in subsection of this section.
IMAP4 capabilities are registered by publishing a standards track or
IESG approved informational or experimental RFC. The registry is currently located
at:
https://www.iana.org/assignments/imap4-capabilities
As this specification revises the AUTH= prefix, STARTTLS and LOGINDISABLED
extensions, IANA is requested to update registry entries for these 3 extensions
to point to this document.
GSSAPI/Kerberos/SASL service names are registered by publishing a
standards track or IESG approved experimental RFC. The registry
is currently located at:
https://www.iana.org/assignments/gssapi-service-names
IANA is requested to update the "imap" service name previously
registered in RFC 3501, to point to this document.
specifies IANA registration procedures for
LIST Selection Options, LIST Return Options, LIST extended data items.
This document doesn't change these registration procedures.
In particular LIST selection options
and LIST return options are registered
using the procedure specified in Section 9 of
(and using the registration template from Section 9.3 of ).
LIST Extended Data Items are registered using the registration template from Section
9.6 of ).
IANA is requested to add a reference to [RFCXXXX] for the "OLDNAME"
LIST-EXTENDED extended data item entry. This is in addition to
the existing reference to .Augmented BNF for Syntax Specifications: ABNF
Anonymous Simple Authentication and Security Layer (SASL) Mechanism
IANA Charset Registration Procedures
SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
This document registers the Simple Authentication and Security Layer (SASL) mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS, provides guidance for secure implementation of the original SCRAM-SHA-1-PLUS mechanism, and updates the SCRAM registration procedures of RFC 5802.
Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field
The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
Content Language Headers
MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)
The Content-MD5 Header Field
MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text
Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies
Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types
MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations
This memo defines extensions to the RFC 2045 media type and RFC 2183 disposition parameter value mechanisms. This memo also defines an extension to the encoded words defined in RFC 2047 to allow the specification of the language to be used for display as well as the character set. [STANDARDS-TRACK]
Internet Message FormatSimple Authentication and Security Layer (SASL)
The Transport Layer Security (TLS) Protocol Version 1.2
UTF-7 A Mail-Safe Transformation Format of UnicodeUTF-8, a transformation format of ISO 10646ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279.
Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension
Unicode Format for Network Interchange
The Internet today is in need of a standardized form for the transmission of internationalized "text" information, paralleling the specifications for the use of ASCII that date from the early days of the ARPANET. This document specifies that format, using UTF-8 with normalization and specific line-ending sequences. [STANDARDS-TRACK]
Internationalized Email Headers
Internet mail was originally limited to 7-bit ASCII. MIME added support for the use of 8-bit character sets in body parts, and also defined an encoded-word construct so other character sets could be used in certain header field values. However, full internationalization of electronic mail requires additional enhancements to allow the use of Unicode, including characters outside the ASCII repertoire, in mail addresses as well as direct use of Unicode in header fields like "From:", "To:", and "Subject:", without requiring the use of complex encoded-word constructs. This document specifies an enhancement to the Internet Message Format and to MIME that allows use of Unicode in mail addresses and most header field content.
This specification updates Section 6.4 of RFC 2045 to eliminate the restriction prohibiting the use of non-identity content-transfer- encodings on subtypes of "message/". [STANDARDS-TRACK]
IMAP4 Implementation RecommendationsIMAP4 Multi-Accessed Mailbox Practice
Synchronization Operations for Disconnected IMAP4 Clients
Internet Message Access Protocol InternationalizationInternet Message Access Protocol (IMAP) version 4rev1 has basic support for non-ASCII characters in mailbox names and search substrings. It also supports non-ASCII message headers and content encoded as specified by Multipurpose Internet Mail Extensions (MIME). This specification defines a collection of IMAP extensions that improve international support including language negotiation for international error text, translations for namespace prefixes, and comparator negotiation for search, sort, and thread. [STANDARDS-TRACK]Distributed Electronic Mail Models in IMAP4IMAP Support for UTF-8This specification extends the Internet Message Access Protocol (IMAP) to support UTF-8 encoded international characters in user names, mail addresses, and message headers. This specification replaces RFC 5738.Simple Mail Transfer ProtocolIMAP4 Binary Content Extension
This memo defines the Binary extension to the Internet Message Access Protocol (IMAP4). It provides a mechanism for IMAP4 clients and servers to exchange message body data without using a MIME content-transfer- encoding. [STANDARDS-TRACK]
IMAP4 Access Control List (ACL) ExtensionIMAP4 QUOTA extensionIMAP URL Scheme
IMAP (RFC 3501) is a rich protocol for accessing remote message stores. It provides an ideal mechanism for accessing public mailing list archives as well as private and shared message stores. This document defines a URL scheme for referencing objects on an IMAP server.
This document obsoletes RFC 2192. It also updates RFC 4467. [STANDARDS-TRACK]
IMAP and JMAP Keywords
IMAP Mailbox Name Attributes
Character Set Registrations
IMAP4 Compatibility with IMAP2bisIMAP4 Compatibility with IMAP2 and IMAP2bisInternet Message Access Protocol - Obsolete SyntaxInteractive Mail Access Protocol: Version 2
STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES
Using TLS with IMAP, POP3 and ACAPAn implementation that wants to remain compatible with IMAP4rev1 can advertise both IMAP4rev1
and IMAP4rev2 in its CAPABILITY response/response code. While some IMAP4rev1 responses were removed
in IMAP4rev2, their presence will not break IMAP4rev2-only clients.If both IMAP4rev1 and IMAP4rev2 are advertised, an IMAP client that wants to use IMAP4rev2 MUST
issue an "ENABLE IMAP4rev2" command.Servers advertising both IMAP4rev1 and IMAP4rev2 MUST NOT
generate UTF-8 quoted strings unless the client has issued
"ENABLE IMAP4rev2". Consider implementation of mechanisms
described or referenced in to
achieve this goal.Servers advertising both IMAP4rev1 and IMAP4rev2, and
clients intending to be compatible with IMAP4rev1 servers MUST
be compatible with the international mailbox naming convention
described in the following subsection.Support for the Mailbox International Naming Convention described in this section
is not required for IMAP4rev2-only clients and servers.
By convention, international mailbox names in IMAP4rev1 are specified
using a modified version of the UTF-7 encoding described in .
Modified UTF-7 may also be usable in servers that implement an
earlier version of this protocol.
In modified UTF-7, printable US-ASCII characters, except for "&",
represent themselves; that is, characters with octet values 0x20-0x25
and 0x27-0x7e. The character "&" (0x26) is represented by the
two-octet sequence "&-".
All other characters (octet values 0x00-0x1f and 0x7f-0xff) are
represented in modified BASE64, with a further modification from
that "," is used instead of "/". Modified BASE64 MUST NOT be
used to represent any printing US-ASCII character which can represent
itself. Only characters inside the modified BASE64 alphabet are
permitted in modified BASE64 text.
"&" is used to shift to modified BASE64 and "-" to shift back to
US-ASCII. There is no implicit shift from BASE64 to US-ASCII, and
null shifts ("-&" while in BASE64; note that "&-" while in US-ASCII
means "&") are not permitted. However, all names start in US-ASCII,
and MUST end in US-ASCII; that is, a name that ends with a non-ASCII
ISO-10646 character MUST end with a "-").
The purpose of these modifications is to correct the following
problems with UTF-7:
UTF-7 uses the "+" character for shifting; this conflicts with
the common use of "+" in mailbox names, in particular USENET
newsgroup names.
UTF-7's encoding is BASE64 which uses the "/" character; this
conflicts with the use of "/" as a popular hierarchy delimiter.
UTF-7 prohibits the unencoded usage of "\"; this conflicts with
the use of "\" as a popular hierarchy delimiter.
UTF-7 prohibits the unencoded usage of "~"; this conflicts with
the use of "~" in some servers as a home directory indicator.
UTF-7 permits multiple alternate forms to represent the same
string; in particular, printable US-ASCII characters can be
represented in encoded form.
Although modified UTF-7 is a convention, it establishes certain
requirements on server handling of any mailbox name with an
embedded "&" character. In particular, server implementations
MUST preserve the exact form of the modified BASE64 portion of a
modified UTF-7 name and treat that text as case-sensitive, even if
names are otherwise case-insensitive or case-folded.
Server implementations SHOULD verify that any mailbox name with an
embedded "&" character, used as an argument to CREATE, is: in the
correctly modified UTF-7 syntax, has no superfluous shifts, and
has no encoding in modified BASE64 of any printing US-ASCII
character which can represent itself. However, client
implementations MUST NOT depend upon the server doing this, and
SHOULD NOT attempt to create a mailbox name with an embedded "&"
character unless it complies with the modified UTF-7 syntax.
Server implementations which export a mail store that does not
follow the modified UTF-7 convention MUST convert to modified
UTF-7 any mailbox name that contains either non-ASCII characters
or the "&" character.
For example, here is a mailbox name which mixes English,
Chinese, and Japanese text:
~peter/mail/&U,BTFw-/&ZeVnLIqe-
For example, the string "&Jjo!" is not a valid mailbox
name because it does not contain a shift to US-ASCII
before the "!". The correct form is "&Jjo-!". The
string "&U,BTFw-&ZeVnLIqe-" is not permitted because it
contains a superfluous shift. The correct form is
"&U,BTF2XlZyyKng-".
IMAP4rev2 is incorporates subset of functionality provided by
the BINARY extension , in particular it includes
additional FETCH items (BINARY, BINARY.PEEK and BINARY.SIZE),
but not extensions to the APPEND command. IMAP4rev2 implementations
that supports full RFC 3516 functionality need to also advertise the BINARY
token in the CAPABILITY response.
IMAP4rev2 is incorporates most of functionality provided by
the LIST-EXTENDED extension .
In particular, multiple mailbox patterns syntax is not supported
in IMAP4rev2, unless LIST-EXTENDED capability is also advertised
in CAPABILITY response/response code.
The following is the plan for remaining changes. The plan might change over time.
Revise IANA registration of IMAP extensions and give advice on use of "X-" convention.Add a section on other recommended extensions?The following changes were already done:
Fold in the following extensions/RFC: RFC 5530 (IMAP Response Codes),
UIDPLUS,
ENABLE,
ESEARCH,
SPECIAL-USE (list of new mailbox attributes),
LITERAL-,
NAMESPACE,
SASL-IR,
LIST-STATUS,
SEARCHRES,
IDLE,
MOVE.
Add CLOSED response code (from CONDSTORE).Add support for $Phishing, $Junk, $NonJunk, $MDNSent and $Forwarded IMAP keywords.
Add more examples showing their use?Require all unsolicited FETCH updates to include UID.Update recommendations on TLS ciphers to match UTA WG work (as per RFC 8314, RFC 7525 and RFC 7817).
Fold in the following extensions/RFC:
Base LIST-EXTENDED syntax plus deprecate LSUB (replace it with LIST \Subscribed) minus the requirement to support multiple list patterns,
BINARY (only the FETCH changes on leaf body part and make APPEND related ones optional. See the mailing list discussion).
Add STATUS SIZE (total mailbox size).
Add STATUS DELETED (number of messages with \Deleted flag set).Drop UTF-7, all mailboxes are always in UTF-8.The following changes since RFC 3501 were done so far:
Folded in IMAP UNSELECT (RFC 3691), UIDPLUS (RFC 4315), ESEARCH (RFC 4731),
SEARCHRES (RFC 5182), ENABLE (RFC 5161), IDLE (RFC 2177), SASL-IR (RFC 4959),
LIST-STATUS (RFC 5819) and MOVE (RFC 6851) extensions.
Also folded RFC 5530 and FETCH side of the BINARY extension (RFC 3516).Clarified that server should decode parameter value continuations as described in .
This requirement was hidden in RFC 2231 itself.SEARCH command now requires to return ESEARCH response (SEARCH response is now deprecated).Clarified which SEARCH keys has to use substring match and which don't.Added CLOSED response code from RFC 7162. SELECT/EXAMINE when a mailbox is
already selected now require for the CLOSED response code to be returned.SELECT/EXAMINE are now required to return untagged LIST response.Updated to use modern TLS-related recommendations as per RFC 8314, RFC 7817, RFC 7525.For future extensibility extended ABNF for tagged-ext-simple to allow for bare number64.Added SHOULD level requirement on IMAP servers to support $MDNSent, $Forwarded, $Junk, $NonJunk and $Phishing keywords.Added STATUS SIZE (RFC 8438) and STATUS DELETED.Mailbox names and message headers now allow for UTF-8. Support for Modified UTF-7 in mailbox names
is not required, unless compatibility with IMAP4rev1 is desired.UNSEEN response code on SELECT/EXAMINE is now deprecated.RECENT response on SELECT/EXAMINE, \Recent flag, RECENT STATUS, SEARCH NEW items are now deprecated.Clarified that the server doesn't need to send a new PERMANENTFLAGS response code when a new
keyword was successfully added and the server advertised \* earlier for the same mailbox.Removed the CHECK command. Clients should use NOOP instead.RFC822, RFC822.HEADER and RFC822.TEXT FETCH data items were deprecated.
Clients should use the corresponding BODY[] variants instead.Replaced DIGEST-MD5 SASL mechanism with SCRAM-SHA-256. DIGEST-MD5 was deprecated.LSUB command was deprecated. Clients should use LIST (SUBSCRIBED) instead.resp-text ABNF non terminal was updated to allow for empty text.IDLE command can now return updates not related to the currently selected mailbox state.All unsolicited FETCH updates are required to include UID.Clarified that client implementations MUST ignore response codes that they do not recognize. (Change from a SHOULD to a MUST.)After ENABLE IMAP4rev2 human readable response text can include non ASCII encoded in UTF-8.Earlier versions of this document were edited by Mark Crispin.
Sadly, he is no longer available to help with this work.
Editors of this revisions are hoping that Mark would have approved.Chris Newman has contributed text on I18N and use of UTF-8 in messages and mailbox names.Thank you to Tony Hansen for helping with the index generation.
Thank you to Timo Sirainen, Bron Gondwana, Stephan Bosch and Arnt Gulbrandsen for extensive feedback.
This document incorporate text from RFC 4315 (by Mark Crispin), RFC 4466 (by Cyrus Daboo),
RFC 4731 (by Dave Cridland), RFC 5161 (by Arnt Gulbrandsen),
RFC 5465 (by Arnt Gulbrandsen and Curtis King), RFC 5530 (by Arnt Gulbrandsen),
RFC 5819 (by Timo Sirainen), RFC 6154 (by Jamie Nicolson), RFC 8438 (by Stephan Bosch)
so work done by authors/editors of these documents is appreciated. Note that editors
of this document were redacted from the above list.The CHILDREN return option was originally proposed by Mike Gahrns and Raymond Cheng in .
Most of the information in is taken
directly from their original specification .