On Jan 6, 2015, at 11:38 AM, Reindl Harald h.reindl@thelounge.net wrote:

this is nonsense for several reasons:

• both of our email contain a dot in the local part
• in case of dictionary attacks you make them

easier with "result in the same user"

• any "arbitrary" char in the username makes a failed login more likely
• if you consider a attack to the dovecot backend you can be sure that

dovecot has less secure holes as your whole httpd/php/rc-stack

Thanks for your opinion. Gmail does this very "nonsense"...

-- Robert inoc.net!rblayzor http://inoc.net/