diff --git a/Changelog.draft.rst b/Changelog.draft.rst
index 1b1e644..632586b 100644
--- a/Changelog.draft.rst
+++ b/Changelog.draft.rst
@@ -20,6 +20,10 @@ New Features
   future. Starting with this version, OfflineImap will be
   forward-compatible with the per-account locking style.
 
+* Implement RFC 2595 LOGINDISABLED. Warn the user and abort when we
+  attempt a plaintext login but the server has explicitly disabled
+  plaintext logins rather than crashing.
+
 Changes
 -------
 
@@ -30,8 +34,3 @@ Bug Fixes
 
 * New emails are not created with "-rwxr-xr-x" but as "-rw-r--r--"
   anymore, fixing a regression in 6.3.4.
-
-Pending for the next major release
-==================================
-
-* UIs get shorter and nicer names. (API changing)
diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index 5d2d108..506f886 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -262,6 +262,12 @@ class IMAPServer:
                                 except imapobj.error, val:
                                     self.plainauth(imapobj)
                             else:
+                                # Use plaintext login, unless
+                                # LOGINDISABLED (RFC2595)
+                                if 'LOGINDISABLED' in imapobj.capabilities:
+                                    raise OfflineImapError("Plaintext login "
+                                       "disabled by server. Need to use SSL?",
+                                        OfflineImapError.ERROR.REPO)
                                 self.plainauth(imapobj)
                         # Would bail by here if there was a failure.
                         success = 1