Post Office Protocol

The Post Office Protocol ( POP) is a communication protocol that allows a client e -mails can pick from an e- mail server. Version 3 (POP3 ) is described in RFC 1939. POP3 is an ASCII protocol, the control of the data transfer is done by commands that are sent to the default port 110.

POP3 is very limited in functionality and only allows listing, fetching and deleting e -mails in the E -mail server. For more functionalities such as hierarchical mailboxes directly on the mail server, access to multiple mailboxes during a session, pre-selection of e- mails, etc. protocols such as IMAP must be used.

As a counterpart to POP3 is for sending e -mails usually implemented in the client and server Simple Mail Transfer Protocol (SMTP).


For the first time the Post Office Protocol described in RFC 918 in October 1984. Already in February 1985 was followed by the POP2 described in RFC 937 before POP3 first appeared in RFC 1081 in November 1988.

POP3 corresponds POP and POP2 in the basic form. The procedure of mail retrieval differs primarily from the fact that the need for readiness to receive the client disappears and the correct reception of mail no longer needs to be confirmed. The lower complexity and the presence of " summary commands ," such as STAT and LIST include the features of POP3. Also POP3 from the beginning described in more detail and more detail.

For POP4 a proposal, including functioning server deployment, set forth. This proposal contains elemental directory management, support for multi-part messaging and message markings, what a simple protocol allows to retrofit some popular IMAP features that are missing in POP3. Since 2003, no further progress in the development of POP4 could be observed.

POP3 clients

The POP3 protocol is integrated in all popular e - mail programs.

POP3 server

Thus, the mail server can respond to requests via POP3 Appropriate POP3 server software must be installed.

In Windows e -mail server, the POP3 server (eg mail server from Windows Server 2003 or Server software, such as Microsoft Exchange or Lotus Domino ) integrated into the appropriate email server package be. In Mercury/32 the POP3 functionality is available as a module. Other software vendors may provide other solutions.

In the Unix world there include the following POP3 server software:

  • Courier- pop
  • Cyrus- pop3d (part of the Cyrus mail server software )
  • Dovecot
  • Ipopd
  • Popa3d
  • Qpop3d (part of qmail )
  • Qpopper
  • Ipop3d (from the IMAP Toolkit Environment by Mark Crispin )
  • Citadel / UX

Advantages and disadvantages of POP3

  • There is no permanent connection to the mail server required
  • The connection is established and terminates when required by the client
  • After registration, all the e- mails are downloaded from the mail server
  • Log data is transmitted in plain text
  • A synchronization between the client does not occur. If an email is deleted or marked as "read", this information is not transmitted to other mail clients.


Standard commands ( on each server available):

Optional Commands ( server-dependent ):

To test POP3 connections, the commands can be sent directly to the port 110 using a Telnet program and the responses of the POP3 server are checked. ( For this example, type under Windows or Linux telnet pop3 in the command prompt or in the console. Domain and port are separated by spaces and not by a colon. )

A typical POP3 session between the server and client might look like this:



As SMTP POP3 is quite simple. It assumes the user via user name and password authentication. Username and password are transmitted unprotected plain text. This provides attackers with undetected access to the mailbox and is a glaring security hole. To secure authentication, there are various extensions. Remedy available at many servers mounted using SASL mechanisms and the APOP also defined in the standard. When using APOP password is not transmitted in clear text. Instead, the server transmits the beginning of the meeting a time stamp. The e-mail client is calculated from this and the password MD5 hash value is then transmitted to the server. If the server to the same result, the login process is considered successful.


The transmission of authentication data, the POP3 commands and the message itself can be encrypted and completely over SSL / TLS. Here, the STARTTLS method is an alternative ( the command is STLS ) on the standard TCP port 110 or POP3 over SSL ( POP3S ) on TCP port 995.