I 100% agree, that having this information earlier is beneficial.
Anyway, having iPhone/Mac OS X/iPad Mail, Microsoft Outlook,
Thunderbird, and others sending ID only after authentication kind of
leaves everyone in the dark.
On 2020-07-30 20:10, Brandon Long wrote:
There's nothing that prevents a server from holding onto the ID and
logging it after login if you think you don't want it from before for
some reason.
or, if you're really concerned with too much logging from non-signed
in sessions, then implement an actual rate limit instead of just never
logging them.
There is definite utility in having the information earlier.
Brandon
On Thu, Jul 30, 2020 at 9:31 AM Andrew C Aitchison via mailop
<mailop@mailop.org <mailto:mailop@mailop.org>> wrote:
On Thu, 30 Jul 2020, Edgaras Lukoševičius via mailop wrote:
> I have started digging after your response, and they are sending
ID! But they
> are sending ID before authentication, our IMAP proxy seems to be
dropping ID
> command if user is not authenticated.
> So that behavior seems legitimate, but in my opinion ID should
be sent after
> authenticating.
Useful to have that info when users report authentication failures.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
<mailto:and...@aitchison.me.uk>_______________________________________________
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
<https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
