In computing, the Post Office Protocol (POP) is an

application-layer An application layer is an abstraction layer that specifies the shared communications protocols and interface methods used by hosts in a communications network. An ''application layer'' abstraction is specified in both the Internet Protocol Sui ...

Internet standard In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow ...

protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...

used by

e-mail client An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email. A web application which provides message management, composition, and reception functio ...

s to retrieve

e-mail Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...

from a mail server. POP version 3 (POP3) is the version in common use, and along with

IMAP In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by . IMAP was designed with the goal of per ...

the most common protocols for email retrieval.

Purpose

The Post Office Protocol provides access via an

Internet Protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP h ...

(IP) network for a user client application to a mailbox (''maildrop'') maintained on a mail server. The protocol supports download and delete operations for messages. POP3 clients connect, retrieve all messages, store them on the client computer, and finally delete them from the server. This design of POP and its procedures was driven by the need of users having only temporary Internet connections, such as

dial-up access Dial-up Internet access is a form of Internet access that uses the facilities of the public switched telephone network (PSTN) to establish a connection to an Internet service provider (ISP) by dialing a telephone number on a conventional telepho ...

, allowing these users to retrieve e-mail when connected, and subsequently to view and manipulate the retrieved messages when offline. POP3 clients also have an option to leave mail on the server after download. By contrast, the

Internet Message Access Protocol In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by . IMAP was designed with the goal of per ...

(IMAP) was designed to normally leave all messages on the server to permit management with multiple client applications, and to support both connected (''online'') and disconnected (''offline'') modes of operation. A POP3 server listens on well-known port number 110 for service requests.

Encrypted communication Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication ...

for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...

(TLS) or

Secure Sockets Layer Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...

(SSL) on well-known TCP

port A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as Ham ...

number 995. Messages available to the client are determined when a POP3 session opens the maildrop, and are identified by message-number local to that session or, optionally, by a unique identifier assigned to the message by the POP server. This unique identifier is permanent and unique to the maildrop and allows a client to access the same message in different POP sessions. Mail is retrieved and marked for deletion by the message-number. When the client exits the session, mail marked for deletion is removed from the maildrop.

History

The first version of the Post Office Protocol, POP1, was specified in RFC 918 (1984) by

Joyce K. Reynolds Joyce Kathleen Reynolds (March 8, 1952 – December 28, 2015) was an American computer scientist who played a significant role in developing protocols underlying the Internet. She authored or co-authored many RFCs, most notably those introducin ...

. POP2 was specified in RFC 937 (1985). POP3 is the version in most common use. It originated with RFC 1081 (1988) but the most recent specification is RFC 1939, updated with an extension mechanism (RFC 2449) and an authentication mechanism in RFC 1734. This led to a number of POP implementations such as Pine,

POPmail POPmail was an early e-mail client written at the University of Minnesota. The original version was a Hypercard stack that acted as a Post Office Protocol In computing, the Post Office Protocol (POP) is an application-layer Internet standard p ...

, and other early mail clients. While the original POP3 specification supported only an unencrypted USER/

PASS Pass, PASS, The Pass or Passed may refer to: Places * Pass, County Meath, a townland in Ireland * Pass, Poland, a village in Poland * Pass, an alternate term for a number of straits: see List of straits * Mountain pass, a lower place in a moun ...

login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system by identifying and authenticating themselves. The user credentials are typically some fo ...

mechanism or Berkeley .rhosts access control, today POP3 supports several

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

methods to provide varying levels of protection against illegitimate access to a user's e-mail. Most are provided by the POP3 extension mechanisms. POP3 clients support SASL authentication methods via the AUTH extension.

MIT The Massachusetts Institute of Technology (MIT) is a private land-grant research university in Cambridge, Massachusetts. Established in 1861, MIT has played a key role in the development of modern technology and science, and is one of the m ...

Project Athena Project Athena was a joint project of MIT, Digital Equipment Corporation, and IBM to produce a campus-wide distributed computing environment for educational use. It was launched in 1983, and research and development ran until June 30, 1991. , A ...

also produced a

Kerberized Kerberos () is a computer-network authentication protocol that works on the basis of ''tickets'' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily ...

version. RFC 1460 introduced APOP into the core protocol. APOP is a challenge–response protocol which uses the MD5

hash function A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called ''hash values'', ''hash codes'', ''digests'', or simply ''hashes''. The values are usually u ...

in an attempt to avoid

replay attack A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary wh ...

s and disclosure of the

shared secret In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a password, a passphrase, a big number, or ...

. Clients implementing APOP include

Mozilla Thunderbird Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client developed by the Mozilla Foundation and operated by subsidiary MZLA Technologies Corporation. The projec ...

Opera Mail Opera Mail (formerly known as M2) is the email and news client developed by Opera Software. It was an integrated component within the Opera web browser from version 2 through 12. With the release of Opera 15 in 2013, Opera Mail became a separate ...

, Eudora,

KMail Kontact is a personal information manager and groupware software suite developed by KDE. It supports calendars, contacts, notes, to-do lists, news, and email. It offers a number of inter-changeable graphical UIs (KMail, KAddressBook, Akregator, ...

Novell Evolution GNOME Evolution (formerly Novell Evolution and Ximian Evolution, prior to Novell's 2003 acquisition of Ximian) is the official personal information manager for GNOME. It has been an official part of GNOME since Evolution 2.0 was included with ...

, RimArts'

Becky! Becky! Internet Mail is an e-mail client used on the Microsoft Windows operating systems and was developed by the Japanese company RimArts from Matsudo City, Chiba. Becky! was originally released in 1996 as Becky! Version 1. That version was r ...

Windows Live Mail Windows Live Mail (formerly named Windows Live Mail Desktop, code-named Elroy) was a freeware email client from Microsoft. It is the successor to Windows Mail in Windows Vista, which was the successor to Outlook Express in Windows XP and Windows ...

, PowerMail,

Apple Mail Apple Mail (officially known as Mail) is an email client included by Apple Inc. with its operating systems macOS, iOS, iPadOS and watchOS. Apple Mail grew out of NeXTMail, which was originally developed by NeXT as part of its NeXTSTEP operati ...

, and Mutt. RFC 1460 was obsoleted by RFC 1725, which was in turn obsoleted by RFC 1939.

POP4

POP4 exists only as an informal proposal adding basic folder management, multipart message support, as well as message flag management to compete with IMAP; however, its development has not progressed since 2003.

Extensions and specifications

An extension mechanism was proposed in RFC 2449 to accommodate general extensions as well as announce in an organized manner support for optional commands, such as TOP and UIDL. The RFC did not intend to encourage extensions, and reaffirmed that the role of POP3 is to provide simple support for mainly download-and-delete requirements of mailbox handling. The extensions are termed capabilities and are listed by the CAPA command. With the exception of APOP, the optional commands were included in the initial set of capabilities. Following the lead of ESMTP (RFC 5321), capabilities beginning with an X signify local capabilities.

STARTTLS

The STARTTLS extension allows the use of

(TLS) or

(SSL) to be negotiated using the ''STLS'' command, on the standard POP3 port, rather than an alternate. Some clients and servers instead use the alternate-port method, which uses TCP port 995 (POP3S).

SDPS

Demon Internet Demon Internet was a British Internet service provider, initially an independent business, later operating as a brand of Vodafone. It was List of UK ISPs by age, one of the UK's earliest ISPs, offering dial-up Internet access services from 1 June ...

introduced extensions to POP3 that allow multiple accounts per domain, and has become known as ''Standard Dial-up POP3 Service'' (SDPS). To access each account, the username includes the hostname, as ''john@hostname'' or ''john+hostname''. Google Apps uses the same method.

Kerberized Post Office Protocol

computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, e ...

, local

s can use the Kerberized Post Office Protocol (KPOP), an

, to retrieve

from a remote

server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...

over a

TCP/IP The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...

connection. The KPOP protocol is based on the POP3 protocol – differing in that it adds Kerberos security and that it runs by default over TCP port number 1109 instead of 110. One mail server software implementation is found in the

Cyrus IMAP server The Cyrus IMAP server is electronic mail server software developed by Carnegie Mellon University. It differs from other Internet Message Access Protocol (IMAP) server implementations in that it is generally intended to be run on sealed servers, ...

Session example

The following POP3 session dialog is an example in RFC 1939:RFC 1939, page 19 S: C: S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us> C: APOP mrose c4c9334bac560ecc979e58001b3e22fb S: +OK mrose's maildrop has 2 messages (320 octets) C: STAT S: +OK 2 320 C: LIST S: +OK 2 messages (320 octets) S: 1 120 S: 2 200 S: . C: RETR 1 S: +OK 120 octets S: S: . C: DELE 1 S: +OK message 1 deleted C: RETR 2 S: +OK 200 octets S: S: . C: DELE 2 S: +OK message 2 deleted C: QUIT S: +OK dewey POP3 server signing off (maildrop empty) C: S: POP3 servers without the optional APOP command expect the client to log in with the USER and PASS commands: C: USER mrose S: +OK User accepted C: PASS tanstaaf S: +OK Pass accepted

Comparison with IMAP

The

(IMAP) is an alternative and more recent mailbox access protocol. The highlights of differences are: * POP is a simpler protocol, making implementation easier. * POP moves the message from the email server to the local computer, although there is usually an option in email clients to leave the messages on the email server as well. IMAP defaults to leaving the message on the email server, simply downloading a local copy. * POP treats the mailbox as a single store, and has no concept of folders * An IMAP client performs complex queries, asking the server for headers, or the bodies of specified messages, or to search for messages meeting certain criteria. Messages in the mail repository can be marked with various status flags (e.g. "deleted" or "answered") and they stay in the repository until explicitly removed by the user—which may not be until a later session. In short: IMAP is designed to permit manipulation of remote mailboxes as if they were local. Depending on the IMAP client implementation and the mail architecture desired by the system manager, the user may save messages directly on the client machine, or save them on the server, or be given the choice of doing either. * The POP protocol requires the currently connected client to be the only client connected to the mailbox. In contrast, the IMAP protocol specifically allows simultaneous access by multiple clients and provides mechanisms for clients to detect changes made to the mailbox by other, concurrently connected, clients. See for example RFC3501 section 5.2 which specifically cites "simultaneous access to the same mailbox by multiple agents" as an example. * When POP retrieves a message, it receives all parts of it, whereas the IMAP4 protocol allows clients to retrieve any of the individual

MIME Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message ...

parts separately – for example, retrieving the plain text without retrieving attached files. * IMAP supports flags on the server to keep track of message state: for example, whether or not the message has been read, replied to, forwarded, or deleted.

Related requests for comments (RFCs)

* – POST OFFICE PROTOCOL * – POST OFFICE PROTOCOL – VERSION 2 * – Post Office Protocol – Version 3 * – Post Office Protocol – Version 3 (STD 53) * – Some Observations on Implementations of the Post Office Protocol (POP3) * – IMAP/POP AUTHorize Extension for Simple Challenge/Response * – POP URL Scheme * – POP3 Extension Mechanism * – Using TLS with IMAP, POP3 and ACAP * – The SYS and AUTH POP Response Codes * – The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) Authentication Mechanism * – Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

References

External links

IANA port number assignments

POP3 Sequence Diagram
(PDF) {{E-mail clients Internet mail protocols