Post Office Protocol (POP)
The Post Office Protocol (POP) is a standard application-layer Internet protocol used by email clients to retrieve messages from a remote mail server. It enables users to download emails from their mail server onto their local device for reading and management. POP is one of the earliest and simplest email retrieval protocols, designed to allow offline access to messages once they have been downloaded.
Background and Purpose
Before the widespread use of cloud-based email systems, users typically accessed mail stored on a central server using desktop clients. The Post Office Protocol, developed in the early 1980s, allowed users to connect briefly to their mail server, retrieve messages, and disconnect—ideal for the dial-up connections of that era.
POP was standardised by the Internet Engineering Task Force (IETF), with several versions introduced over time:
- POP1 (1984): The earliest experimental version.
- POP2 (1985): Introduced basic commands for message retrieval.
- POP3 (1988): The current and most widely used version, officially defined in RFC 1939 (1996), with later extensions for security and authentication.
Basic Function
The Post Office Protocol provides a mechanism for a mail client (user agent) to connect to a mail server, authenticate the user, download email messages, and then (optionally) delete them from the server.
POP operates over a Transmission Control Protocol (TCP) connection, typically on port 110. Secure POP connections using encryption operate on port 995 and are referred to as POP3S (POP3 Secure).
The protocol is designed for simple, single-device email access — once messages are downloaded, they are stored locally and may no longer exist on the server unless configured otherwise.
Working Process of POP3
The POP3 process involves three main stages:
-
Connection and Authentication Phase:
- The email client connects to the mail server via TCP/IP on port 110 (or 995 for SSL).
- The client sends the USER and PASS commands to log in using the user’s credentials.
- The server verifies the login and grants access to the mailbox.
-
Transaction Phase:
- The client issues commands to interact with messages in the mailbox.
- Common actions include listing messages, retrieving them, marking for deletion, or resetting the session.
- The client downloads email data to local storage (in formats like .eml or within local mail archives).
-
Update Phase:
- After the client disconnects, the server performs any updates, such as deleting messages marked for removal.
- The connection is then terminated, completing the retrieval session.
Common POP3 Commands and Responses
| Command | Function | Server Response Example |
|---|---|---|
| USER | Specifies username | +OK user accepted |
| PASS | Specifies password | +OK maildrop ready |
| STAT | Shows number and size of messages | +OK 3 1200 |
| LIST | Lists messages with numbers and sizes | +OK scan listing follows |
| RETR n | Retrieves message number n | +OK message follows |
| DELE n | Marks message number n for deletion | +OK message deleted |
| NOOP | Keeps the connection alive | +OK |
| RSET | Unmarks all deletions | +OK maildrop has 3 messages |
| QUIT | Ends session and updates mailbox | +OK goodbye |
Responses from the server usually begin with +OK (success) or -ERR (error).
Features of POP3
- Simple and efficient: Designed for quick access and retrieval of messages.
- Offline access: Once emails are downloaded, users can read and manage them without an Internet connection.
- Stateless protocol: The server does not retain session information after disconnection.
- Limited storage dependency: Messages are generally removed from the server after retrieval, conserving server space.
Advantages
- Low server load: Since messages are usually deleted after download, server storage requirements are minimal.
- Offline usability: Ideal for users with intermittent Internet connectivity.
- Simplicity: Easy to configure and compatible with nearly all email clients.
Disadvantages
- Single-device limitation: Emails are downloaded and stored locally, making them unavailable on other devices.
- Risk of data loss: If the local device fails and messages have been deleted from the server, they cannot be recovered.
- Limited synchronisation: POP does not sync changes (like read status or folder structure) between client and server.
- Inefficient for modern multi-device use: In the age of smartphones and cloud email, POP is less suitable than alternatives such as IMAP.
POP vs IMAP
| Feature | POP (Post Office Protocol) | IMAP (Internet Message Access Protocol) |
|---|---|---|
| Storage | Downloads and often deletes messages from server | Stores messages on the server |
| Access Mode | Offline (local access) | Online (server-based synchronisation) |
| Multiple Devices | Not well-suited | Excellent multi-device support |
| Folder Management | Not supported | Fully supported |
| Typical Port | 110 / 995 (SSL) | 143 / 993 (SSL) |
| Best Use Case | Single-device, limited connectivity | Multi-device, cloud-based use |
IMAP (Internet Message Access Protocol), developed later, eventually became the preferred method for users needing synchronised access across multiple devices.
Security Enhancements
Over time, several security mechanisms were introduced to strengthen POP:
- POP3S (POP3 Secure): Uses SSL/TLS encryption over port 995 for secure transmission.
- STARTTLS: Enables encrypted communication over the standard POP3 port after connection establishment.
- SASL (Simple Authentication and Security Layer): Provides stronger authentication methods.
Applications and Usage
POP is supported by nearly all major email clients, including Microsoft Outlook, Mozilla Thunderbird, Apple Mail, and others. Many email services such as Gmail, Yahoo! Mail, and Outlook.com still provide POP3 access for legacy compatibility and offline email management.
Modern Relevance
While POP remains in use, especially in environments with limited connectivity or specific archival needs, it has largely been replaced by IMAP and web-based email protocols. However, its simplicity, low overhead, and offline functionality continue to make it relevant in certain contexts, particularly for embedded systems or older infrastructure.