Information about Post Office Protocol

In computing, local e-mail clients use the Post Office Protocol version 3 (POP3), an application-layer Internet standard protocol, to retrieve e-mail from a remote server over a TCP/IP connection. Many subscribers to individual Internet service provider e-mail accounts access their e-mail with client software that uses POP3.

Overview

POP3 has made earlier versions of the protocol obsolete, POP (informally called POP1 and POP2). In contemporary usage, the less precise term POP almost always means POP3 in the context of e-mail protocols.

The design of POP3 and its procedures supports end-users with intermittent connections (such as dial-up connections), allowing these users to retrieve e-mail when connected and then to view and manipulate the retrieved messages without needing to stay connected. Although most clients have an option to leave mail on server, e-mail clients using POP3 generally connect, retrieve all messages, store them on the user's PC as new messages, delete them from the server, and then disconnect. In contrast, the newer, more capable Internet Message Access Protocol (IMAP) supports both connected (online) and disconnected (offline) modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other aspects of IMAP operation allow multiple clients to access the same mailbox. Most e-mail clients support either POP3 or IMAP to retrieve messages; however, fewer Internet Service Providers (ISPs) support IMAP. The fundamental difference between POP3 and IMAP4 is that POP3 offers access to a mail drop; the mail exists on the server until it is collected by the client. Even if the client leaves some or all messages on the server, the client's message store is considered authoritative. In contrast, IMAP4 offers access to the mail store; the client may store local copies of the messages, but these are considered to be a temporary cache; the server's store is authoritative.

Clients with a leave mail on server option generally use the POP3 UIDL (Unique IDentification Listing) command. Most POP3 commands identify specific messages by their ordinal number on the mail server. This creates a problem for a client intending to leave messages on the server, since these message numbers may change from one connection to the server to another. For example if a mailbox contains five messages at last connect, and a different client then deletes message #3, the next connecting user will find the last two messages' numbers decremented by one. UIDL provides a mechanism to avoid these numbering issues. The server assigns a string of characters as a permanent and unique ID for the message. When a POP3-compatible e-mail client connects to the server, it can use the UIDL command to get the current mapping from these message IDs to the ordinal message numbers. The client can then use this mapping to determine which messages it has yet to download, which saves time when downloading. IMAP has a similar mechanism, using a 32-bit UID (Unique IDentifier) that is required to be strictly ascending. The advantage of the numeric UID is with large mailboxes; a client can request just the UIDs greater than its previously stored "highest UID". In POP, the client must fetch the entire UIDL map.

Whether using POP3 or IMAP to retrieve messages, e-mail clients typically use the SMTP_Submit profile of the SMTP protocol to send messages. E-mail clients are commonly categorized as either POP or IMAP clients, but in both cases the clients also use SMTP. There are extensions to POP3 that allow some clients to transmit outbound mail via POP3 - these are known as "XTND XMIT" extensions. The Qualcomm qpopper and CommuniGate Pro servers and Eudora clients are examples of systems that optionally utilize the XTND XMIT methods of authenticated client-to-server e-mail transmission.

MIME serves as the standard for attachments and non-ASCII text in e-mail. Although neither POP3 nor SMTP require MIME-formatted e-mail, essentially all Internet e-mail comes MIME-formatted, so POP clients must also understand and use MIME. IMAP, by design, assumes MIME-formatted e-mail.

Like many other older Internet protocols, POP3 originally supported only an unencrypted login mechanism. Although plain text transmission of passwords in POP3 still commonly occurs, POP3 currently supports several authentication methods to provide varying levels of protection against illegitimate access to a user's e-mail. One such method, APOP, uses the MD5 hash function in an attempt to avoid replay attacks and disclosure of the shared secret. Clients implementing APOP include Mozilla Thunderbird, Opera, Eudora, KMail and Novell Evolution. POP3 clients can also support SASL authentication methods via the AUTH extension. MIT Project Athena also produced a Kerberized version.

POP3 works over a TCP/IP connection using TCP on network port 110. E-mail clients can encrypt POP3 traffic using TLS or SSL. A TLS or SSL connection is negotiated using the STLS command. Some clients and servers, like Google Gmail, instead use the deprecated alternate-port method, which uses TCP port 995.

Dialog example

RFC 1939 APOP support indicated by <1896.697170952@dbc.mtview.ca.us> here:

S: <wait for connection on TCP port 110> C: <open connection> S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us> C: APOP mrose c4c9334bac560ecc979e58001b3e22fb S: +OK mrose's maildrop has 2 messages (320 octets) C: STAT S: +OK 2 320 C: LIST S: +OK 2 messages (320 octets) S: 1 120 S: 2 200 S: . C: RETR 1 S: +OK 120 octets S: <the POP3 server sends message 1> S: . C: DELE 1 S: +OK message 1 deleted C: RETR 2 S: +OK 200 octets S: <the POP3 server sends message 2> S: . C: DELE 2 S: +OK message 2 deleted C: QUIT S: +OK dewey POP3 server signing off (maildrop empty) C: <close connection> S: <wait for next connection>

POP3 servers without the optional APOP command expect you to log in with the USER and PASS commands:

C: USER mrose S: +OK User accepted C: PASS mrosepass S: +OK Pass accepted

POP4

While not yet an official standardized mail protocol, a proposal has been outlined for a POP4 specification, complete with a working server implementation.

The proposed POP4 extension adds basic folder management, multipart message support, as well as message flag management, allowing for a light protocol which supports some popular IMAP features which POP3 currently lacks.

No progress has been observed in the POP4 specification since 2003.

SDPS

Demon Internet introduced extensions to POP3 that allow multiple accounts per domain, and has become known as Standard Dial-up POP3 Service (SDPS).[1]

To access each account, the username includes the hostname, as john@hostname or john+hostname.

See also

• Internet Message Access Protocol (IMAP)
• Simple Mail Transfer Protocol (SMTP)
• E-mail client
• webmail
• POP3 clients: getmail, fetchmail
• email encryption

External links

• IANA port number assignments
• POP3 Sequence Diagram (PDF)
• POP4 Proposal Website

POP3 RFCs

• RFC 1939 - "Post Office Protocol - Version 3"
• RFC 2195 - "IMAP/POP AUTHorize Extension for Simple Challenge/Response"
• RFC 2449 - "POP3 Extension Mechanism"
• RFC 1734 - "POP3 AUTHentication command"
• RFC 2222 - "Simple Authentication and Security Layer (SASL)"
• RFC 3206 - "The SYS and AUTH POP Response Codes"
• RFC 2595 - "Using TLS with IMAP, POP3 and ACAP"
• RFC 937 - "POST OFFICE PROTOCOL - VERSION 2"
• RFC 918 - "POST OFFICE PROTOCOL"

Server implementations

• Qpopper
• popa3d
• Dovecot
• Teapop
• Apache James
• Zimbra
• Citadel/UX
• UW IMAP
• Cyrus IMAP server
• qmail-qpop3d
• Eudora Internet Mail Server
• IUPOP3