Post Office Protocol

from Wikipedia, the free encyclopedia
POP3 (Post Office Protocol Version 3)
Family: Internet protocol family
Operation area: Collecting email from the provider
Port: 110 / TCP
995 / TCP (encrypted)
POP3 in the TCP / IP protocol stack :
application POP3
transport TCP
Internet IP ( IPv4 , IPv6 )
Network access Ethernet Token
FDDI ...
Standards: RFC 1939 (POP3, 1996)

The Post Office Protocol ( POP ) is a transmission protocol that a client can use to pick up e-mails from an e-mail server . Version 3 ( POP3 ) is described in RFC 1939 . POP3 is an ASCII protocol , whereby the data transmission is controlled by commands that are sent to port 110 as standard .

POP3 is very limited in functionality and only allows the listing, retrieval and deletion of e-mails on the e-mail server. For further functionalities such as hierarchical mailboxes directly on the mail server, access to several mailboxes during a session, preselection of e-mails, etc., protocols such as IMAP must be used.

As a counterpart to POP3, the Simple Mail Transfer Protocol (SMTP) is usually implemented in clients and servers for sending e-mails .


The Post Office Protocol was first described in RFC 918 in October 1984 . POP2, described in RFC 937 , followed in February 1985 , before POP3 first appeared in RFC 1081 in November 1988 .

POP3 corresponds to POP and POP2 in the basic form. The procedure for retrieving e-mails differs mainly in that the client does not need to be ready to receive and the correct receipt of an e-mail no longer needs to be confirmed. The lower complexity and the presence of "overview commands" like STAT and LIST are among the features of POP3. POP3 is also described more precisely and in greater detail from the start.

A proposal was made for POP4, including a functioning server implementation. This proposal includes basic directory management, support for multi-part messaging, and message marking, which provides a simple protocol to add some popular IMAP features that POP3 lacks. No progress in the development of POP4 has been observed since 2003.

POP3 clients

The POP3 protocol is integrated in all popular e-mail programs .

POP3 server

Appropriate POP3 server software must be installed so that the mail server can answer inquiries via POP3.

In the case of Windows e-mail servers, the POP3 server can be integrated into the corresponding e-mail server package (e.g. in the Windows Server 2003 mail server or in server software such as Microsoft Exchange or Lotus Domino ) be. With Mercury / 32 the POP3 functionality is available as a module. Other software manufacturers can provide further solutions.

In the Unix area there are u. a. the following POP3 server software:

Advantages and disadvantages of POP3

advantage disadvantage
  • A permanent connection to the mail server is not necessary
  • The connection is established and terminated by the client as required
  • After registration, all emails are downloaded from the mail server
  • There is no synchronization between the clients. If a mail is deleted or marked as "read", this information is not transmitted to other mail clients.


Standard commands (available on every server):

USER xxx
selects the user name or the user account on the e-mail server.
PASS xxx
passes the password in clear text .
provides the status of the mailbox, etc. a. the number of all e-mails in the mailbox and their total size (in bytes).
provides the number and size of the ( nth ) email (s).
fetches the nth e-mail from the e-mail server.
deletes the nth e-mail on the e-mail server.
no function, the server answers with + OK.
resets all DELE commands.
ends the current POP3 session and executes all DELE commands.

Optional commands (depending on the server):

secure login, s. u.
TOP n x
gets the header and the first x lines of the nth mail.
shows the unique ID of the email.

To test POP3 connections, the commands can be sent directly to port 110 using a Telnet program and the responses from the POP3 server can be checked. (For this example, on Windows or Linux, enter telnet pop3 at the command prompt or console. Domain and port are separated by spaces and not colon.)

A typical POP3 session between server and client could look like this:

Client server
(waiting for connections on TCP port 110)
(opens connection)
+ OK POP3 server
+ OK Please enter password
PASS password_in_clartext
+ OK mailbox locked and ready
+ OK 1 236
+ OK mailbox has 1 messages (236 octets)
1 236
+ OK message follows
Date: Mon, Oct 18 2004 04:11:45 +0200
From: Someone <>
Subject: Test email
Content-Type: text / plain; charset = us-ascii; format = flowed
Content-Transfer-Encoding: 7bit

This is a test e-mail

+ OK message marked for delete
+ OK bye
(closes the connection and executes the DELE command)



Like SMTP, POP3 is pretty simple. It requires the user to be authenticated using a user name and password. Username and password are transmitted unprotected as plain text. This allows attackers unnoticed access to the mailbox and is a glaring security hole. There are various extensions to secure the authentication. This can be remedied by the mechanisms available on many servers via SASL and the APOP, which is also defined in the standard . When using APOP, the password is no longer transmitted in clear text. Instead, the server transmits a time stamp at the beginning of the session . The mail client calculates a hash value from this and the password , which is then transmitted to the server. If the server comes to the same result, the login process is considered successful.


The transmission of the authentication data, the POP3 commands and the message itself can also take place completely encrypted via SSL / TLS . Alternatively, the STARTTLS procedure (the command is STLS) is used on the standard TCP port 110 or POP3 via SSL (POP3S) on TCP port 995.

See also

Individual evidence

  1. POP4 specification although pop is used to receive mail after system is not online. . 2003. Archived from the original on September 27, 2011. Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved October 17, 2011.  @1@ 2Template: Webachiv / IABot /


Web links