User-Agent: Opera/9.24 (X11; Linux x86_64; U; en) Build Identifier: 2.0.0.6 I would like to be able to tell Thunderbird to purge the IMAP header and message cache on exit. I don't want my IMAP header and message cache to be on the disk after I close Thunderbird. Reproducible: Always Steps to Reproduce: 1. Open Thunderbird, create IMAP account, log in (don't store password), subscribe folders, read mail. 2. Close Thunderbird. 3. Open Thunderbird. Actual Results: It will now display the cached IMAP folders and message headers from the last session, without having typed your password yet. Expected Results: Thunderbird should not display folders and message headers for an IMAP account before user has successfully logged on to the IMAP server. Ideally, no IMAP folders, messages or headers should be stored if this is set in Preferences.

Or having clear private data like FF does have.

Emre, thoughts?

Personally I think this is a security issue. Your everyday IMAP user expects his mail to be stored, securely (password protected) on the remote server. It is not uncommon to have an IMAP set-up on a "warzone" laptop that is not physically protected. One would then expect, for security's sake, that when exiting Thunderbird the IMAP cache is purged by default. Otherwise, physical access to the machine would allow access to mail, which to my view is a violation of password level security. Only if the user confirms that the computer is physically protected, i.e. by selecting an option like "Store mail in unsecured cache on local disk for faster access" which should be off by default, then the cache may be preserved beyond application exit. A stricter security argument could be that the local HD may, hypothetically, be in a network share (this would be ususual), so any local caching of data that is assumed to be securely stored (such as IMAP data) would be a security violation. In this stricter view, the whole IMAP cache should be disabled by default, or there should at least be an option to disable it.

Also, a lot of the noise under bug 318697 can reasonably be put down to this bug 402730, so I would recommend urgent action here! I am refraining from posting any reference to this bug under bug 318697 to avoid attracting unconstructive discussion. :-)