10. Author's Note

A server SHOULD have mechanisms in place to limit or delay failed AUTHENTICATE/LOGIN attempts.

RFC 3501 IMAPv4 March 2003

Additional security considerations are discussed in the section discussing the AUTHENTICATE and LOGIN commands.

IMAP4 capabilities are registered by publishing a standards track or IESG approved experimental RFC. The registry is currently located at:

As this specification revises the STARTTLS and LOGINDISABLED extensions previously defined in [IMAP-TLS], the registry will be updated accordingly.