Post Office Protocol for downloading email messages from mail servers to client devices
POP3 (Post Office Protocol Version 3)
- Email retrieval protocol that downloads messages from mail server to client device
- Operates on TCP port 110 (unencrypted) or TCP port 995 (POP3S with SSL/TLS)
- Uses simple client-server model where client initiates all communication
- Protocol follows request-response pattern with ASCII text commands
How POP3 Works
- Client connects to mail server and authenticates with username/password
- Server provides access to user’s mailbox (inbox only)
- Client downloads messages to local storage
- Messages are typically deleted from server after download (default behavior)
- Connection terminates after mail retrieval is complete
POP3 Session States
| State |
Purpose |
Available Commands |
| Authorization |
User login |
USER, PASS, QUIT |
| Transaction |
Mail operations |
LIST, RETR, DELE, STAT |
| Update |
Cleanup |
QUIT (commits deletions) |
Key Characteristics
- Offline email model - designed for single device access
- Downloads entire message including attachments before reading
- Limited server-side storage (messages removed after retrieval)
- No folder synchronization - only works with inbox
- Minimal bandwidth usage after initial download
- Simple protocol with basic command set (approximately 10 commands)
POP3 vs IMAP Comparison
| Feature |
POP3 |
IMAP |
| Storage Location |
Client device |
Mail server |
| Multi-device Access |
Poor (single device) |
Excellent (synchronized) |
| Server Storage |
Minimal |
Requires more space |
| Offline Access |
Full access |
Limited (cached items) |
| Folder Support |
Inbox only |
Full folder structure |
| Bandwidth Usage |
High initially, low ongoing |
Moderate ongoing |
Common Use Cases
- Single computer email access where user checks mail from one location
- Limited server storage environments
- Situations requiring full offline email access
- Basic email setups for home users or small offices
- Mobile devices with storage constraints (though IMAP preferred now)
Security Considerations
- Standard POP3 sends credentials in plaintext (security risk)
- Use POP3S (port 995) for encrypted connections
- Authentication occurs before any encryption negotiation
- No built-in spam filtering or server-side message processing
Vocabulary
POP3S: POP3 over SSL/TLS providing encrypted communication on port 995
Mail User Agent (MUA): Email client software that implements POP3 protocol
Mailbox: Server-side storage location containing user’s email messages
DELE command: Marks message for deletion (actual deletion occurs during Update state)
Notes
- POP3 is largely superseded by IMAP for modern email implementations due to multi-device usage patterns
- Some email clients offer “leave messages on server” option to modify default POP3 behavior
- Protocol is still widely supported for backward compatibility
- Consider IMAP4 for environments requiring folder synchronization or multi-device access
- POP3 works well for archival email systems where messages need permanent local storage
- Firewall configurations must allow outbound TCP 110 (or 995 for POP3S) for client access