At 17:20 3/02/03 -0800, Randall Gellens wrote: >At 5:43 PM -0500 2/3/03, II Alan W. Rateliff wrote: > >> > RFC 3206 provides an unambiguous means for POP3 servers to inform >>> clients if an error response is due to a credentials problem or >>> something else, allowing clients to not assume a password error is >>> the cause of all errors during authentication. I'm not sure how many >>> clients and servers support it yet, but recent versions of Qpopper do. >> >> Outlook/Express has a habit of asking for a different username and password >> initially, regardless of the actual error. I believe this was intended to >> provide the user with the opportunity to use a different username, but I >> don't fully see the reasoning. >> >> Only after failing to authenticate a POP session a couple or few times does >> it actually give the verbose response from the mailserver. > >The idea of the extended POP response codes in general, and specific >ones such as [SYS] and [AUTH], is to allow the server to clearly >indicate to the client the nature of the error. So, if a user tries >to authenticate while a session is currently active, RFC 2449 >provides the [IN-USE] response code. When the client sees "-NO >[IN-USE]" it knows that the user has another session active. It can >silently retry later, it can present a localized explanatory message, >or whatever else makes sense. > >In case of an actual credential-related error, RFC 3206 provides the >[AUTH] response code. If some resource is temporarily unavailable, >RFC 3206 provides the [SYS/TEMP] code. Etc. > >So asking for a different username and password, without paying any >attention to the response code, doesn't make a lot of sense to me.
Unfortunately this is *exactly* what Outlook Express does :-( It just presents a username and password dialogue with no explanations, despite the [IN-USE] error. Eudora on the other hand, displays the message from the server... Regards, Simon
