You are right, but where is the logic then to check just for the well-known urls in combination with an account added via email/password?
You’re right, at the moment, the domain part of the email address is not tried.
For service discovery by URL, there is
if (principalUrl == null)
// still no principal URL, try service discovery with "domain" = user-given host name
domain = baseURI.getHost();
but this fallback is missing for discovery by email addresses. This is by intention, but maybe it would make sense to try whether the domain part is a valid host name:
RFC 6764 Client “Bootstrapping” Procedures:
If an SRV record is not found, the client will need to prompt the user to enter the FQDN and port number information directly or use some other heuristic, for example, using the extracted “domain” as the FQDN and default HTTPS or HTTP port numbers. In this situation, clients MUST first attempt an HTTP connection with TLS.
Davdroid recognized the redirect, but in the end still used “example.com” as FQDN, even though there was a redirect to another, in this case, subdomain.
Your server has returned
https://firstname.lastname@example.org/ as the principal URL. DAVdroid trusts this information and will use this principal URL. It follows redirects, but only for a single request – the principal URL will not change, as it has been queried explicitly.