IMAP/POP Authentication Process

1. Depending on your mail server configuration, a user enters their username ( joe ) or email address ( joe@example.com ) and passphrase into the web UI login page. You can modify the Login Page Message to tell your users whether they should enter a full email address or just their username (see Configuring End-User Access to the Spam Quarantine).
2. The spam quarantine connects to the IMAP or POP server and uses the entered login (either username or email address) and passphrase to try to log into the IMAP/POP server. If the passphrase is accepted then the user is considered authenticated and the spam quarantine immediately logs out of the IMAP/POP server.
3. Once the user is authenticated, the spam quarantine lists email for the user, based on the email address:
   • If you have configured the spam quarantine to specify a domain to append to bare usernames (like joe ), then this domain is appended and that fully qualified email address is used to search for matching envelopes in the quarantine.
   • Otherwise, the spam quarantine uses the entered email address to search for matching envelopes.

For more information about IMAP, see the University of Washington web site:

http://www.washington.edu/imap/