
Show HN: IMAP API – Self-hosted access to IMAP over REST - andris9
https://imapapi.com/
======
dochtman
Any IMAP over REST API should just implement JMAP (RFC 8620 and 8621).

~~~
andris9
There is only a handful of IMAP server implementations and there are going to
be even fever JMAP servers. It is super bloated, the RFCs 8620 and 8621 are
already 200 pages in total. Not an easy thing to integrate with.

~~~
brongondwana
To be fair, RFC3501 is 108 pages, and the bis (draft-ietf-extra-imap4rev2-12)
is 157 pages. It's a complex problem space.

I'm looking forward to getting JMAP Calendars and JMAP Contacts done, at which
point is becomes a much more compelling replacement for multiple protocols.

~~~
toomuchtodo
Anything we can do to help in getting those other extensions done?

~~~
brongondwana
The next IETF meeting is in Vancouver in late March - we'll be discussing them
there. Other than that, get involved on the mailing list, and help review the
documents!

[https://datatracker.ietf.org/group/jmap/meetings/](https://datatracker.ietf.org/group/jmap/meetings/)

[https://www.ietf.org/mailman/listinfo/jmap](https://www.ietf.org/mailman/listinfo/jmap)

[https://datatracker.ietf.org/doc/draft-ietf-jmap-
calendars/](https://datatracker.ietf.org/doc/draft-ietf-jmap-calendars/)

[https://datatracker.ietf.org/doc/draft-ietf-jmap-
jscontact/](https://datatracker.ietf.org/doc/draft-ietf-jmap-jscontact/)

------
nolok
Can anyone tell me if the license as given

> Licensed for evaluation use only

Is clear enough in legal terms for what can or cannot be done ? I assume it
means it's free to use to test it and see how it works, but not for anything
else ? Does that cover the code too ?

~~~
andris9
It mostly means I haven’t yet figured out which kind of license/terms to use
for this project. TBD.

~~~
grizzles
Thanks for your work in this area. A couple questions.

How is this different to the wilduck webmail api?

Would it be hard to abstract away the wildduck storage code to use a datastore
other than mongodb?

~~~
andris9
WildDuck API exposes database structures from MongoDB, IMAP API is more like a
proxy in front of any IMAP server.

WildDuck is pretty much coupled with MongoDB. IMAP is not very easily
abstractable and keeping the result scalable at the same time. Largest
WildDuck cluster in production manages 20TB (~20k accounts) of email by now
with no special config or modifications - making it scalable was the main goal
from the start and supporting arbitrary storage would not have helped.

------
tdhz77
I’ve heard imap is insecure. I’ve disabled it by default but this is
intriguing. Anybody have any more information on imap security?

~~~
dspillett
Any references for where you've heard this? Then we can check the claims and
perhaps reassure you or suggest workarounds. What are you using instead?

IMAP is on its own insecure because it is a plain protocol, but it can be used
in conjunction with TLS to add secure transport. _Exactly_ the same can be
said for many other mail protocols such as POP3.

~~~
revicon
Google spreads a lot of FUD (right or wrong) about anything that doesn’t use
their oAuth.

[https://www.zdnet.com/article/google-were-banning-these-
inse...](https://www.zdnet.com/article/google-were-banning-these-insecure-
apps-from-connecting-to-g-suite-accounts/)

