On 16.07.2024 at 16:32 postfix--- via mailop wrote: use case: I understand the benefit of iPhone (and Android) email client storing the access credentials on Apple's (or Google) server so that the server polls IMAP and only wakes up the phone if there is actual mail to be fetched.
It’s news to me that the iOS email app would be storing mailbox credentials on Apples servers. To reference another message from today: Do you have any evidence or factual articles which support this claim? As far as I know Apples mail app on iOS does not use IMAP IDLE, nor does their server infrastructure. The only way that I know of to receive instant notifications for an IMAP account on iOS is that the *server* side registers for the Apple Push Notification Service, which allows it to relay wake up calls to the client for folders that the client subscribed to via Apples proprietary XAPPLEPUSHSERVICE IMAP extension. Using this method Apples servers do not poll or access your mailbox in any way and do not need credentials for doing so. Source: https://github.com/freswa/dovecot-xaps-daemon That being said there are indeed other MUAs like Microsofts Outlook app or others mentioned in this thread that send your login credentials to the manufacturer of the app. However those apps in general do not only use the credentials for an IMAP IDLE connection but they actually download the messages from your mailbox. Source: https://support.microsoft.com/en-us/office/sync-your-account-in-outlook-to-the-microsoft-cloud-985f9e19-d308-4e85-9d1d-0c6f32f8e981<https://support.microsoft.com/en-us/office/sync-your-account-in-outlook-to-the-microsoft-cloud-985f9e19-d308-4e85-9d1d-0c6f32f8e981?ui=en-us&rs=en-us&ad=us> So restricting their access will not work. Instead of implementing fine grained, source IP based access control lists for undocumented IP addresses that can change at any point in time I‘d recommend to move to another MUA with more respect for the privacy of its users. — BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
