A Deep Dive Into IMAP: What Is It and How Does it Work?

On January 26, 2024
6min read
Ivan Djuric, an author at Mailtrap
Ivan Djuric Technical Content Writer @Mailtrap

Considering the times we live in, chances are that a day doesn’t go by without us receiving an email or two. But have you ever wondered how your emails reach your inbox?

One of the protocols responsible for fetching our messages is called IMAP. Although it might seem difficult to understand at first, don’t worry — I’ve got your back.

Today, I’ll explain the IMAP protocol in detail and show you the optimal methods of testing how it works, so you can check it out yourself.

What is IMAP?

IMAP, short for Internet Message Access Protocol, is a protocol that enables email clients to access and retrieve messages from servers over TCP/IP connection.

It was created by Mark Crispin in 1986 as an alternative to Post Office Protocol (POP), which was used to download messages from the email server to the local device. Unlike POP, IMAP works similarly to cloud email, as, instead of locally, it stores your messages, folder structure, etc., on the mail server.

Nowadays, we use the protocol’s fourth version, IMAP4, which introduced some quality-of-life features like mailbox management and message flogging. More precisely, we use the protocol’s first revision, IMAP4rev1, which is more refined than its predecessor and is defined by RFC 3501.

How does IMAP work?

  • IMAP defines how servers receive the sent emails through a series of commands
  • The recipient’s mail client connects to the server where the email is stored
  • The recipient sees the displayed email headers via the client 
  • IMAP downloads a copy of a particular message that the recipient chooses to open
A diagram illustrating how IMAP works and showing how an email client interacts with the server to receive and manage emails with IMAP.

Let’s look at it this way: think of the IMAP server as a library and your email client as a library card.

You would see a catalog (email headers) of books (emails) when you ‘log in’ with your card. 

You can request to see any books (open and download email messages), but since it’s maintained and updated by the librarian (IMAP server), the library catalog remains consistent whether you access it from your phone or laptop.

Your messages remain on the server unless you specifically want to download them, but you can nonetheless delete them as you wish.
Keep in mind that IMAP is a “pull protocol,” meaning it only retrieves incoming mail. If you’d like to learn more about a protocol used for sending email, read about Simple Mail Transfer Protocol (SMTP).

What IMAP is used for

IMAP has many functionalities, and it can help you:

  • Automate email interactions – IMAP can help you automatically organize emails into folders, filter spam, trigger specific actions within the app based on email content, etc.
  • Build integrated systems – If you’re working on CRM systems, helpdesk software, enterprise communications tools, and other applications that integrate communication channels, understanding IMAP can go a long way.
  • Process emails on the server side – In situations where backend email processing is important, such as extracting email data or scanning for specific criteria, IMAP can give you more than enough flexibility and control to do so.

The types of IMAP servers

IMAP servers can either be:

  • Self-managed IMAP servers – A server that you set up and manage on your own hardware or infrastructure, where the IMAP protocol is installed and configured.
  • Managed IMAP – Managed IMAP servers are operated and maintained by third-party providers like Gmail, Yahoo, etc.

If you are looking for more control, customization options, and better integration capabilities with internal systems and databases for your customized solution, then the self-hosted IMAP servers are a no-brainer for you. But remember that self-managed servers are hard to set up and run.

Here’s what a Reddit user had to say about self-managed IMAP servers:

A screenshot of a comment from a Reddit user on self hosted email servers.

Whereas if you want to build an integrated system and automate email interactions for instance, you should consider Gmail as it offers APIs and various integration options you can use for these purposes. And don’t forget the reduced burden of maintaining the server infrastructure that comes with provider-based services.

Self-managedManaged (by the 3d party)
Difficult to set upEasy to set up
Data is stored on dedicated storage within the organizationData is stored on the cloud
Complete autonomy over configurationsUser-friendly 
Tailorable server settings and security measuresMaintenance-free
Cost-effective for large user basesHigh uptime and robust infrastructure
Better integration capabilitiesEasily scalable to accommodate your needs
Full control over data storage and security protocolsAccess to customer support and updates

Pros and cons of IMAP

Whether you plan to implement IMAP into your software projects or opt for integrating Gmail API, familiarizing yourself with the advantages and disadvantages of IMAP is crucial.

Here’s a breakdown of its pros and cons by Yaroslav, our deliverability expert, to lend you a hand.

Pros

  • Seamless email management – As I’ve previously mentioned, IMAP allows you to access your inbox from anywhere and from different devices. On top of that, you can create multiple folders and subfolders, making it super easy to navigate your messages.
  • Server-side storage – Because all new emails are stored on the servers instead of being downloaded locally, your data will be safer if your device gets compromised.
  • Optimized bandwidth consumption – In the case of IMAP, only headers are downloaded from the server, not the full message. So, if you never open a certain email, its body and attachments won’t be downloaded, saving bandwidth in turn.
  • Synchronization across devices – Any changes made on a single device are updated in real-time on another. So, for instance, if you delete an email on your phone, it will be deleted on your client when you try to access it from a desktop.
  • Support from various clients – Nowadays, the majority of popular email apps like Gmail, Microsoft Outlook, Thunderbird etc., support IMAP and its advanced functions, allowing you to use it hassle-free.
  • Increased security – Emails are usually transmitted over encrypted connections when it comes to IMAP, which enhances your security, especially if you use public Wi-Fi, for instance.

Cons

  • Limited storage – Your storage space depends mostly on your chosen email service provider. However, this can be easily solved as most email providers offer upgrades and different storage plans.
  • Potentially slower – As IMAP constantly interacts with the server to synchronize mail data, it can be slower than POP3, for example, especially in cases where the mailbox is large or the internet connection isn’t as fast.
  • Internet dependency – Because you need to be connected to the Internet to access your emails, you won’t be able to manage them if you’re offline or if the server is down , unless you downloaded your new messages beforehand.
  • Vulnerable to cyberattacks – Although increased security is a notable benefit of IMAP connection due to encrypted transmissions, it’s worth noting that cybercriminals often attack passwords. Luckily, you can easily protect yourself with multi-factor authentication. Additionally, employing user activity monitoring tools can provide another layer of security by detecting suspicious login attempts or unusual access patterns.

IMAP ports

If you opt for IMAP email protocol, understanding its ports, communication endpoints responsible for moving email data between servers, is crucial. It will allow you to configure firewalls and security software, troubleshoot email connectivity issues, etc.

I’ve compiled a table for you. Take a look:

Port 143Port 993
The default, non-encrypted IMAP port numberThe encrypted port, also known as IMAPS, used for communications over an SSL/TLS connection
Less secure than 993 as it’s non-encrypted, meaning that usernames, passwords, or other sensitive information is vulnerable to cyber attacksBeing a more secure port, IMAPS ensures data is encrypted during transmission, which is a notable layer of security
Often used in internal networks where encryption isn’t a concernUsed as a standard by most webmail service providers

IMAP settings

Okay, now that you have a general idea of what IMAP is and how it works, why don’t we test it out by connecting to an email account and using some simple IMAP commands?

For this, I went with OpenSSL, which can create secure connections using SSL/TLS and protect your sensitive data when you send it in plaintext over the network.

Although many people use Outlook, Yahoo, or Apple Mail, for OpenSSL, I’ll use Gmail as an example here as it’s the most widely used service provider and, personally, I think, the most convenient.

So, just follow the next few steps:

  1. Install the latest version of OpenSSL
  2. Launch your command line interface
  3. Use the command openssl s_client -connect imap.gmail.com:993 -crlf to connect to IMAP server
    • If you want to test IMAP with another provider, like Outlook, simply replace gmail.com with the desired domain name in the command
    • If you use Windows OS, you should omit -crlf as it can lead to an error due to double conversion
  4. Wait for the server to display a greeting message
  5. Type CAPABILITY to request the server’s capabilities
  6. Use LOGIN “yourusername yourpassword” with your IMAP credentials
    • When signing in, make sure to use an account that has 2-Step Verification
    • Additionally, you must enable IMAP in the “IMAP access” section of your Google account settings
    • You also shouldn’t use your regular password, but instead your app password 
    • Last but not least, make sure there are no spaces in between any of the 16 characters generated in the provided password
  7. After successful login, type LIST “” “*” to list all folders.
  8. Use SELECT “INBOX” to open a specific folder.
  9. Fetch emails with a command like FETCH 1 FULL, where 1 is the message number
    • Replace 1 with the specific message number you wish to fetch 
    • FULL fetches the entire message data
  10. End the session with LOGOUT

Remember to add a unique tag in front of every command, such as “tag1, tag2, tag3” or “a1, a2 a3”, etc. For example: tag3 SELECT INBOX.

Learn more about email protocols

And that’s a wrap! 🌯

We’ve gone over how IMAP protocol works, what it’s used for, its pros and cons, and showed you how to test it out efficiently. Hopefully, you have a clearer picture of this ever-so-popular protocol.

IMAP is just a part of a greater email infrastructure that should serve the purpose of delivering your emails to recipient’s inboxes. Mailtrap email delivery platform, together with Email Testing and Email SMTP/API service accommodates the needs of any type of senders and delivers just in time.

Interested in learning more about email infrastructure? Check out our article on the differences between IMAP, POP3, and SMTP email protocols, which can help you choose the best protocol for your needs. Or tune into our dedicated video!

Thanks for reading!

Ivan Djuric, an author at Mailtrap
Article by Ivan Djuric Technical Content Writer @Mailtrap

I’m a Technical Content Writer with 5 years of background covering email-related topics in tight collaboration with software engineers and email marketers. I just love to research and share actionable insights with you about email sending, testing, deliverability improvements, and more. Happy to be your guide in the world of emails!