IMAP's Core Principle: The Server Is the Mailbox
IMAP was designed around a single architectural insight: email should live on the server, and clients should be windows into that server-side mailbox rather than local stores that happen to be connected. This distinction drives everything about how IMAP behaves.
When you open your email client and see your inbox, IMAP has not necessarily downloaded every message — it has retrieved the message headers (sender, subject, date, size, flags) and displays them. The full message body is fetched only when you open a specific message. This keeps the client lightweight and means that switching to a new device gives you immediate access to your full mail history without any migration step: connect to the server, and all your messages are there.
How IMAP Works: Commands and State
IMAP is a text-based protocol that runs over TCP on port 143 (unencrypted) or 993 (TLS). The client sends tagged commands; the server responds with tagged replies and optional untagged notifications. A typical session begins with the client authenticating using LOGIN or AUTHENTICATE, then selecting a mailbox with SELECT INBOX. The server responds with the number of messages, the number of recent (unseen) messages, and the UIDVALIDITY value that lets the client verify its local cache is still valid.
Core IMAP commands include FETCH (retrieve message headers or bodies), STORE (modify flags on messages), COPY (copy messages between folders), SEARCH (find messages matching criteria), CREATE/DELETE/RENAME (folder management), and EXPUNGE (permanently remove messages flagged for deletion). Each command can affect one message, a range, or a set defined by UIDs — unique identifiers that remain stable across sessions, unlike sequence numbers which shift as messages arrive and are deleted.
Message Flags and Synchronisation
IMAP synchronises state across devices through flags — per-message attributes stored on the server. The standard flags are: \Seen (message has been read), \Answered (reply has been sent), \Flagged (starred or important), \Deleted (marked for removal by EXPUNGE), and \Draft (unsent draft). Providers add custom flags for labels and categories.
When your phone marks a message as read, it sends STORE +FLAGS (\Seen) to the server. Every other IMAP client, on its next synchronisation or IDLE notification, fetches the updated flag state and updates its local display. This is why reading on your phone instantly removes the unread badge on your laptop — the "read" state is on the server, not on any individual device.
IMAP IDLE: Push Notification Without Polling
Traditional email retrieval requires polling: the client reconnects every few minutes and asks whether anything new has arrived. This introduces delay between message delivery and notification. IMAP IDLE (RFC 2177) eliminates this by allowing the server to notify the client proactively.
After authenticating and selecting a mailbox, the client sends the IDLE command. The server acknowledges with a continuation response and holds the connection open indefinitely. When a new message arrives, the server sends an untagged EXISTS notification to all IDLE clients watching that mailbox. The client responds by fetching the new message's headers — typically within one to two seconds of delivery. Most mobile email apps and desktop clients use IMAP IDLE to deliver near-instant email notifications without maintaining dozens of polling connections.
IMAP Folder Hierarchy
IMAP exposes the mail server's folder structure to clients. Folders (called mailboxes in IMAP terminology) can be nested hierarchically, with a separator character (typically "/" or ".") delimiting levels. Standard folders like INBOX, Sent, Drafts, Trash, and Spam are created by convention and often by server configuration, though their exact names vary by provider.
Creating a folder in one IMAP client creates it on the server, making it immediately visible in every other client. Moving a message to a folder on your desktop laptop moves it server-side; your phone sees it in that folder on the next sync. This server-side folder management is what POP3 fundamentally cannot provide — POP3 folders are local constructs invisible to other clients.
IMAP vs POP3 vs Exchange ActiveSync
| Feature | IMAP | POP3 | Exchange ActiveSync |
|---|---|---|---|
| Message storage | Server (permanent) | Downloaded to client | Server (permanent) |
| Multi-device sync | Yes | No | Yes |
| Push notification | Yes (IDLE) | No | Yes (native push) |
| Calendar/contact sync | No (email only) | No | Yes |
| Open standard | Yes (RFC 3501) | Yes (RFC 1939) | No (Microsoft proprietary) |
| TLS port | 993 | 995 | 443 (HTTPS) |
Configuring IMAP in a Mail Client
Most mail clients — Apple Mail, Outlook, Thunderbird, mobile apps — accept the same basic settings: incoming server hostname (e.g., imap.gmail.com), port 993, security type "SSL/TLS" or "implicit TLS", and your full email address as the username. Many clients auto-discover these settings from your email address alone using the provider's autoconfig endpoint.
For outgoing mail, IMAP clients also require SMTP configuration (typically port 587 with STARTTLS or port 465 with TLS) — IMAP itself only handles receiving and organising mail, not sending it. The two protocols work in tandem: SMTP delivers messages to recipients; IMAP retrieves and manages them in your mailbox.
Frequently Asked Questions
Does IMAP keep email on the server?
Yes. IMAP is designed around the principle that the server is the authoritative store for all messages. Clients download copies for display but the server retains the originals. When you delete a message via IMAP, you flag it for deletion on the server — after an EXPUNGE, the server removes it permanently.
What is IMAP IDLE?
IMAP IDLE is an extension (RFC 2177) that allows the server to push notifications to the client in real time rather than requiring polling. After the client sends the IDLE command, the server holds the connection open and sends EXISTS notifications as new messages arrive. This is how mobile mail apps deliver near-instant email notifications.
What port should I use for IMAP?
Always use port 993 with implicit TLS (IMAPS). Port 143 is the original unencrypted port — while some servers accept STARTTLS there, implicit TLS on 993 is simpler and more secure. Modern email providers default to port 993, and some have disabled port 143 entirely.
Is IMAP secure?
IMAP over TLS (port 993) is secure — credentials and message content travel inside an encrypted TLS channel. IMAP without TLS transmits everything in plaintext and should never be used beyond localhost. IMAP itself does not provide end-to-end encryption; for that, PGP or S/MIME operate above the IMAP layer.
What is the difference between IMAP and Exchange?
IMAP is an open RFC-standardised protocol supported by every mail server and client. Microsoft Exchange uses proprietary protocols (MAPI and Exchange ActiveSync) for native clients, adding calendar and contact synchronisation. Most Exchange servers also support IMAP as a compatibility option so non-Microsoft clients can connect.
How does IMAP sync email across devices?
IMAP synchronises by maintaining message flags and folder structures on the server. When your phone marks a message as read, it sets the Seen flag on the server. Your laptop's IMAP client sees the flag change on its next check-in or IDLE notification and updates its display. Folder organisation works the same way — folders live on the server and are visible to every connected client.