anavem.
Back to Glossary
I

IMAP (Internet Message Access Protocol)

IMAP is an email protocol that allows users to access and manage messages stored on a mail server without downloading them locally by default.

What is IMAP?

Internet Message Access Protocol (IMAP) is an email protocol used by clients (desktop, mobile, webmail) to read and manage emails directly on the server. Unlike protocols that download messages to a device, IMAP keeps emails centralized, enabling consistent access across multiple devices. IMAP is widely used in modern email services and enterprise environments.

Why IMAP matters

IMAP is important because it:

  • Keeps email synchronized across devices
  • Preserves server-side folders (Inbox, Sent, Archive)
  • Supports concurrent access from multiple clients
  • Reduces data duplication on endpoints
  • Fits cloud-based and remote work models

For most users, IMAP is the preferred protocol over POP3.

How IMAP works (simplified)

A typical IMAP interaction:

  1. The client connects to the mail server
  2. Messages and folders are listed from the server
  3. Headers are fetched first; bodies on demand
  4. Actions (read, move, delete) sync back to the server
  5. Changes appear instantly on other devices

IMAP operations are stateful and server-centric.

IMAP vs POP3

AspectIMAPPOP3
StorageServer-sideClient-side
Multi-deviceYesLimited
SyncReal-timeNo
Offline usePartialStrong
Modern usagePreferredLegacy/simple

IMAP is better suited for today's multi-device workflows.

IMAP ports and security

Common IMAP configurations:

  • Port 143 – IMAP (STARTTLS)
  • Port 993 – IMAPS (IMAP over TLS)

Best practice is to use IMAP over TLS (port 993) to encrypt credentials and messages in transit.

IMAP and security

From a security standpoint:

  • IMAP credentials must be protected with TLS
  • Weak authentication (basic auth) increases risk
  • Compromised IMAP access can enable data exfiltration
  • IMAP is often targeted after phishing attacks

Modern setups combine IMAP with MFA and app-specific passwords or move to OAuth-based auth where supported.

IMAP in enterprise environments

Organizations use IMAP for:

  • User mailbox access across devices
  • Integration with mobile email clients
  • Legacy application compatibility
  • Transitional access during migrations

Many enterprises are gradually replacing IMAP with API-based access for better security and control.

Common misconceptions

  • "IMAP downloads all emails to the device"
  • "IMAP is insecure by default"
  • "IMAP replaces SMTP"
  • "IMAP is obsolete"