Are clients expected to support both IMAP and POP then?
| 4.1. Retrieval Server Lookups
| a messaging client which
| only supports one or the other service SHOULD only issue lookups
| for the retrieval service that the client supports, and SHOULD
NOT
| issue lookups for services that are not supported by the
messaging
| client itself.
this doesn't solve the problem of clients acting inconsistently from
one another.
What about
clients for which POP support is good but for which IMAP support
sucks?
That's part of the 10% where SRV would not work reliably. Of course,
none
of the other configuration services would guess that right, either.
maybe what we really need is some expectation of consistency between
POP and IMAP, so that for single folder setups it doesn't matter as
much which one you use.
Assuming you really meant "former", what's a reasonable default for
"leave mail on server"?
What's the default for your favorite client?
I don't know because I always set it explicitly. I don't trust clients
to get the default right.
Well, there are issues like: does the user really want his password
transmitted in cleartext?
TLS support (and SASL mechanisms) can be discovered with a probe. The
protocol specs (mostly) require TLS
neither POP nor IMAP nor SUBMISSION requires TLS.
Obviously, clients should see what
capabilities are offered and choose accordingly,
that's completely wrong from a security standpoint.
Keith