Sigh. I guess that I have to answer this. The statement that UW imapd is "insecurity [sic] by design (it was not created with security in mind" is silly. That's like saying that scp and ssh are "insecure by design" -- after all, you can do: scp somesystem:/etc/passwd haha to any system that gives you access.
Whenever you install any service which allows named access to files, you have to review what that service's access control rules are and assume, unless told otherwise, that only the operating system's access controls are in effect. With UW imapd, that assumption is correct. By default, only the operating system's access controls are in effect. UW imapd adds no additional access controls. If you want additional access controls in UW imapd over and above what the operating system provides, you must add them. The FAQ documents ways that this can be done. For many systems, no additional access controls are needed or desired. The web page FAQ documents some mechanisms for additional access controls that are new in imap-2002. The FAQ was rewritten in HTML for imap-2002 (a great relief to our web mistress who was getting tired of repeatedly hacking the text FAQ into a form suitable for the web page!), and thus the web page FAQ is slightly ahead of the release version. However, you can get the current development snapshot of imap-2002 from: ftp://ftp.cac.washington.edu/mail/imap-2002.DEV.tar.Z The bit about Cygwin and \ checking is a Cygwin issue. \ is an ordinary filename character in UNIX, not a directory delimiter. If Cygwin is to emulate the UNIX environment under Windows it must emulate UNIX's \ as well. It is not the responsibility of UNIX programs to know about Windows directory delimiters. There is a separate Windows port of the IMAP toolkit which does not use Cygwin; instead, it uses native Windows and C library calls and uses the Windows \ delimiter. However, as the documentation indicates, UW imapd built for Windows is not intended as a plug-and-play Windows IMAP server but rather as a basis for developing a Windows IMAP server. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate.