RFC 2192

Document Type RFC - Proposed Standard (September 1997; Errata)
Obsoleted by RFC 5092
Was draft-newman-url-imap (individual)
Author Chris Newman 
Last updated 2020-01-21
Stream Legacy
Formats plain text html pdf htmlized with errata bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2192 (Proposed Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          C. Newman
Request for Comments: 2192                                      Innosoft
Category: Standards Track                                 September 1997

                            IMAP URL Scheme

Status of this memo

     This document specifies an Internet standards track protocol for
     the Internet community, and requests discussion and suggestions for
     improvements.  Please refer to the current edition of the "Internet
     Official Protocol Standards" (STD 1) for the standardization state
     and status of this protocol.  Distribution of this memo is


     IMAP [IMAP4] is a rich protocol for accessing remote message
     stores.  It provides an ideal mechanism for accessing public
     mailing list archives as well as private and shared message stores.
     This document defines a URL scheme for referencing objects on an
     IMAP server.

1. Conventions used in this document

     The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
     in this document are to be interpreted as defined in "Key words for
     use in RFCs to Indicate Requirement Levels" [KEYWORDS].

2. IMAP scheme

     The IMAP URL scheme is used to designate IMAP servers, mailboxes,
     messages, MIME bodies [MIME], and search programs on Internet hosts
     accessible using the IMAP protocol.

     The IMAP URL follows the common Internet scheme syntax as defined
     in RFC 1738 [BASIC-URL] except that clear text passwords are not
     permitted.  If :<port> is omitted, the port defaults to 143.

Newman                      Standards Track                     [Page 1]
RFC 2192                    IMAP URL Scheme               September 1997

     An IMAP URL takes one of the following forms:


     The first form is used to refer to an IMAP server, the second form
     refers to a list of mailboxes, the third form refers to the
     contents of a mailbox or a set of messages resulting from a search,
     and the final form refers to a specific message or message part.
     Note that the syntax here is informal.  The authoritative formal
     syntax for IMAP URLs is defined in section 11.

3. IMAP User Name and Authentication Mechanism

     A user name and/or authentication mechanism may be supplied.  They
     are used in the "LOGIN" or "AUTHENTICATE" commands after making the
     connection to the IMAP server.  If no user name or authentication
     mechanism is supplied, the user name "anonymous" is used with the
     "LOGIN" command and the password is supplied as the Internet e-mail
     address of the end user accessing the resource.  If the URL doesn't
     supply a user name, the program interpreting the IMAP URL SHOULD
     request one from the user if necessary.

     An authentication mechanism can be expressed by adding
     ";AUTH=<enc_auth_type>" to the end of the user name.  When such an
     <enc_auth_type> is indicated, the client SHOULD request appropriate
     credentials from that mechanism and use the "AUTHENTICATE" command
     instead of the "LOGIN" command.  If no user name is specified, one
     SHOULD be obtained from the mechanism or requested from the user as

     The string ";AUTH=*" indicates that the client SHOULD select an
     appropriate authentication mechanism.  It MAY use any mechanism
     listed in the CAPABILITY command or use an out of band security
     service resulting in a PREAUTH connection.  If no user name is
     specified and no appropriate authentication mechanisms are
     available, the client SHOULD fall back to anonymous login as
     described above.  This allows a URL which grants read-write access
     to authorized users, and read-only anonymous access to other users.

     If a user name is included with no authentication mechanism, then
     ";AUTH=*" is assumed.

Newman                      Standards Track                     [Page 2]
RFC 2192                    IMAP URL Scheme               September 1997

     Since URLs can easily come from untrusted sources, care must be
     taken when resolving a URL which requires or requests any sort of
     authentication.  If authentication credentials are supplied to the
     wrong server, it may compromise the security of the user's account.
     The program resolving the URL should make sure it meets at least
     one of the following criteria in this case:

     (1) The URL comes from a trusted source, such as a referral server
     which the client has validated and trusts according to site policy.
     Note that user entry of the URL may or may not count as a trusted
     source, depending on the experience level of the user and site
Show full document text