Post Office Protocol
Encyclopedia
In computing, the Post Office Protocol (POP) is an application-layer
Application layer
The Internet protocol suite and the Open Systems Interconnection model of computer networking each specify a group of protocols and methods identified by the name application layer....

 Internet standard
Internet standard
In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force .-Overview:...

 protocol used by local e-mail client
E-mail client
An email client, email reader, or more formally mail user agent , is a computer program used to manage a user's email.The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal...

s to retrieve e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...

 from a remote server over a TCP/IP
Internet protocol suite
The Internet protocol suite is the set of communications protocols used for the Internet and other similar networks. It is commonly known as TCP/IP from its most important protocols: Transmission Control Protocol and Internet Protocol , which were the first networking protocols defined in this...

 connection. POP and IMAP (Internet Message Access Protocol) are the two most prevalent Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

 standard protocols for e-mail retrieval. Virtually all modern e-mail clients and servers
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...

 support both. The POP protocol has been developed through several versions, with version 3 (POP3) being the current standard. Like IMAP, POP3 is supported by most webmail services such as Hotmail
Hotmail
Windows Live Hotmail, formerly known as MSN Hotmail and commonly referred to simply as Hotmail, is a free web-based email service operated by Microsoft as part of its Windows Live group. It was founded by Sabeer Bhatia and Jack Smith and launched in July 1996 as "HoTMaiL". It was one of the first...

, Gmail
Gmail
Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well via POP3 or IMAP protocols. Gmail was launched as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though...

 and Yahoo! Mail
Yahoo! Mail
Yahoo! Mail is a web mail service provided by Yahoo!. It was inaugurated in 1997, and, according to comScore, Yahoo! Mail was the second largest web-based email service with 273.1 million users as of November 2010....

.

Overview

POP supports simple download-and-delete requirements for access to remote mailboxes (termed maildrop in the POP RFC
Request for Comments
In computer network engineering, a Request for Comments is a memorandum published by the Internet Engineering Task Force describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems.Through the Internet Society, engineers and...

's). Although most POP clients have an option to leave mail on server after download, e-mail clients using POP generally connect, retrieve all messages, store them on the user's PC as new messages, delete them from the server, and then disconnect. Other protocols, notably IMAP, (Internet Message Access Protocol
Internet Message Access Protocol
Internet message access protocol is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol...

) provide more complete and complex remote access to typical mailbox operations. Many e-mail clients support POP as well as IMAP to retrieve messages; however, fewer Internet Service Provider
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...

s (ISPs) support IMAP.

A POP3 server listens on well-known port 110. Encrypted
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

 communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...

 (TLS) or Secure Sockets Layer (SSL) on well-known TCP port 995 (e.g. Google
Google
Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...

 Gmail).
Available messages to the client are fixed when a POP session opens the maildrop, and are identified by message-number local to that session or, optionally, by a unique identifier assigned to the message by the POP server. This unique identifier is permanent and unique to the maildrop and allows a client to access the same message in different POP sessions. Mail is retrieved and marked for deletion by message-number. When the client exits the session
Session (computer science)
In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user . A session is set up or established at a certain point...

, the mail marked for deletion is removed from the maildrop.

History

POP (POP1) is specified in RFC 918 (1984), POP2 by RFC 937 (1985). The original specification of POP3 is RFC 1081 (1988). Its current specification is RFC 1939, updated with an extension mechanism, RFC 2449 and an authentication mechanism in RFC 1734.

POP2 has been assigned well-known port 109.

The original POP3 specification supported only an unencrypted USER/PASS
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....

 login
Login
Login is the method whereby a user obtains access to a computer system.Login may also refer to:*Magazines:** LOGiN, published by Enterbrain** ;login:, published by USENIX* Login, Carmarthenshire, an hamlet in Carmarthenshire...

 mechanism or Berkeley .rhosts
Rlogin
rlogin is a software utility for Unix-like computer operating systems that allows users to log in on another host via a network, communicating via TCP port 513.It was first distributed as part of the 4.2BSD release....

 access control. POP3 currently supports several authentication
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...

 methods to provide varying levels of protection against illegitimate access to a user's e-mail. Most are provided by the POP3 extension mechanisms. POP3 clients support SASL
Simple Authentication and Security Layer
Simple Authentication and Security Layer is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses...

 authentication methods via the AUTH extension. MIT
Massachusetts Institute of Technology
The Massachusetts Institute of Technology is a private research university located in Cambridge, Massachusetts. MIT has five schools and one college, containing a total of 32 academic departments, with a strong emphasis on scientific and technological education and research.Founded in 1861 in...

 Project Athena
Project Athena
Project Athena was a joint project of MIT, Digital Equipment Corporation, and IBM to produce a campus-wide distributed computing environment for educational use. It was launched in 1983, and research and development ran until June 30, 1991, eight years after it began...

 also produced a Kerberized version.

RFC 1460 introduced APOP into the core protocol. APOP is a challenge/response protocol which uses the MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...

 hash function
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...

 in an attempt to avoid replay attack
Replay attack
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet...

s and disclosure of the shared secret
Shared secret
In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. The shared secret can be a password, a passphrase, a big number or an array of randomly chosen bytes....

. Clients implementing APOP include Mozilla Thunderbird
Mozilla Thunderbird
Mozilla Thunderbird is a free, open source, cross-platform e-mail and news client developed by the Mozilla Foundation. The project strategy is modeled after Mozilla Firefox, a project aimed at creating a web browser...

, Opera Mail, Eudora
Eudora (e-mail client)
Eudora is an e-mail client used on the Apple Macintosh and Microsoft Windows operating systems. It also supports several palmtop computing platforms, including Newton and the Palm OS....

, KMail, Novell Evolution
Novell Evolution
Evolution or Novell Evolution is the official personal information manager and workgroup information management tool for GNOME. It combines e-mail, calendar, address book, and task list management functions. It has been an official part of GNOME since version 2.8 in September 2004...

, RimArts' Becky!
Becky!
Becky! is an e-mail client developed by the Japanese company RimArts from Matsudo City, Chiba. In the early 2000s, it had received attention in East Asia due to good support for CJKV characters. It supports multiple accounts using the standard POP3/SMTP or IMAP protocols, with or without SSL,...

, Windows Live Mail
Windows Live Mail
Windows Live Mail is a free of charge email client from Microsoft's Windows Live set of products. It is intended to be a successor for Outlook Express on Windows XP and Windows Mail on Windows Vista...

, PowerMail, and Mutt
Mutt (e-mail client)
Mutt is a text-based email client for Unix-like systems. It was originally written by Michael Elkins in 1995 and released under the GNU General Public License version 2 or any later version....

.

An informal proposal had been outlined for a "POP4" specification, complete with a working server implementation. This "POP4" proposal added basic folder management, multipart message support, as well as message flag management, allowing for a light protocol which supports some popular IMAP features which POP3 currently lacks. However, in doing so, it shared with IMAP the embedding in a communication protocol a specific model of a mailbox, which, although common, is not universal. No progress has been observed in this "POP4" proposal since 2003.

Extensions

An extension mechanism was proposed in RFC 2449 to accommodate general extensions as well as announce in an organized manner support for optional commands, such as TOP and UIDL. The RFC did not intend to encourage extensions, and reaffirmed that the role of POP3 is to provide simple support for mainly download-and-delete requirements of mailbox handling.

The extensions are termed capabilities and are listed by the CAPA command. Except for APOP, the optional commands were included in the initial set of capabilities. Following the lead of ESMTP (RFC 5321), capabilities beginning with an X signify local capabilities.

STARTTLS

The STARTTLS extension allows the use of Transport Layer Security
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...

 (TLS) or Secure Sockets Layer (SSL) to be negotiated using the STLS command, on the standard POP3 port, rather than an alternate. Some clients and servers, such as Google Gmail, instead use the deprecated alternate-port method, which uses TCP port 995 (POP3S).

SDPS

Demon Internet
Demon Internet
Demon Internet is a British Internet Service Provider. It was one of the UK's earliest ISPs, especially targeting the "dialup" audience. It started on 1 June 1992 from an idea posted on CIX by Cliff Stanford of Demon Systems Ltd. The branch in the Netherlands started in 1996, and was sold to KPN...

 introduced extensions to POP3 that allow multiple accounts per domain, and has become known as Standard Dial-up POP3 Service (SDPS).http://e.demon.net/helpdesk/producthelp/mail/sdps-tech.html/ To access each account, the username includes the hostname, as john@hostname or john+hostname.

Google Apps uses the same method.

Comparison with IMAP

Clients that leave mail on servers generally use the UIDL command to get the current association of message-numbers to message identified by its unique identifier
Unique identifier
With reference to a given set of objects, a unique identifier is any identifier which is guaranteed to be unique among all identifiers used for those objects and for a specific purpose...

. The unique identifier is arbitrary, and might be repeated if the mailbox contains identical messages. In contrast, IMAP uses a 32-bit unique identifier (UID) that is assigned to messages in ascending (although not necessarily consecutive) order as they are received. When retrieving new messages, an IMAP client requests the UIDs greater than the highest UID among all previously-retrieved messages, whereas a POP client must fetch the entire UIDL map. For large mailboxes, this can require significant processing.
MIME
MIME
Multipurpose Internet Mail Extensions is an Internet standard that extends the format of email to support:* Text in character sets other than ASCII* Non-text attachments* Message bodies with multiple parts...

 serves as the standard for attachments and non-ASCII
ASCII
The American Standard Code for Information Interchange is a character-encoding scheme based on the ordering of the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that use text...

 text in e-mail. Although neither POP3 nor SMTP require MIME-formatted e-mail, essentially all non-ASCII Internet e-mail comes MIME-formatted, so POP clients must also understand and use MIME. IMAP, by design, assumes MIME-formatted e-mail.

Dialog example

The APOP usage is a direct example from RFC 1939 page 18.

RFC 1939 APOP support indicated by <1896.697170952@dbc.mtview.ca.us> here:

S:
C:
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK mrose's maildrop has 2 messages (320 octets)
C: STAT
S: +OK 2 320
C: LIST
S: +OK 2 messages (320 octets)
S: 1 120
S: 2 200
S: .
C: RETR 1
S: +OK 120 octets
S:
S: .
C: DELE 1
S: +OK message 1 deleted
C: RETR 2
S: +OK 200 octets
S:
S: .
C: DELE 2
S: +OK message 2 deleted
C: QUIT
S: +OK dewey POP3 server signing off (maildrop empty)
C:
S:

POP3 servers without the optional APOP command expect the client to log in with the USER and PASS commands:

C: USER mrose
S: +OK User accepted
C: PASS tanstaaf
S: +OK Pass accepted

Server implementations

  • Apache James
    Apache James
    Apache James, aka Java Apache Mail Enterprise Server or some variation thereof, is an open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java. James is maintained by contributors to the Apache Software Foundation, with initial contributions by Serge Knystautas....

  • Citadel/UX
    Citadel/UX
    Citadel/UX is a collaboration suite that is descended from the Citadel family of programs which became popular in the 1980s and 1990s as a bulletin board system platform. It is designed to run on open source operating systems such as Linux or BSD...

  • Courier Mail Server
    Courier Mail Server
    The Courier mail server is a mail transfer agent server that provides ESMTP, IMAP, POP3, SMAP, webmail, and mailing list services with individual components. It is best known for its IMAP server component....

  • Cyrus IMAP server
    Cyrus IMAP server
    The Cyrus IMAP server differs from other IMAP server implementations in that it is generally intended to be run on sealed servers, where normal users cannot log in. The mail spool uses a filesystem layout and format similar to the Maildir format used by other popular email servers such as qmail,...

  • Dovecot
    Dovecot (software)
    Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002...

  • Eudora Internet Mail Server
    Eudora Internet Mail Server
    Eudora Internet Mail Server is a POP3, IMAP, and SMTP server for Mac OS.-History:In 1993 Glenn Anderson started development on what was then called MailShare, which was available as freeware. In 1995 MailShare was purchased by Apple Computer and renamed to Apple Internet Mail Server. Version 1.0...

  • Mailtraq
    Mailtraq
    Mailtraq is a commercial mail and groupware server. It runs on Microsoft Windows.-Features:The email server offers POP3, SMTP, HTTP, IMAP4 all with SSL/TLS support, plus NNTP, and provides webmail functionality....

  • Nginx
    Nginx
    nginx is a Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. It is licensed under a BSD-like license and it runs on Unix, Linux, BSD variants, Mac OS X, Solaris, and Microsoft Windows.- Overview...

  • qmail-pop3d
    Qmail
    qmail is a mail transfer agent that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program...

  • Qpopper
    Qpopper
    Qpopper is one of the oldest and most popular server implementation of POP3. As a free and open-source server distributed under BSD style license, it has been a common choice for Internet Service Providers, schools, corporations, and other organizations...

  • RePOP
    RePOP
    RePOP is a load-balancing proxy server specific to the POP3 protocol.It operates by answering the initial POP3 handshake and authentication request from a POP3 client....

  • UW IMAP
    UW IMAP
    The UW IMAP server is the reference server implementation of the IMAP protocol. Unlike other server implementations, it is designed to be aggressively compatible with existing legacy mail stores and systems, and to be "plug-and-play" installable without requiring any site-specific configuration.UW...

  • WinGate
    Wingate
    -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

  • Zimbra
    Zimbra
    Zimbra Collaboration Suite is a groupware product created by Zimbra, Inc., located in Palo Alto, California, USA. The company was purchased by Yahoo! in September 2007, and subsequently purchased by VMware on Tuesday, January 12, 2010. The software consists of both client and server components...


Related requests for comments (RFCs)

  • RFC 918 – POST OFFICE PROTOCOL
  • RFC 937 – POST OFFICE PROTOCOL – VERSION 2
  • RFC 1081 – Post Office Protocol – Version 3
  • RFC 1939 – Post Office Protocol – Version 3 (STD 53)
  • RFC 1957 – Some Observations on Implementations of the Post Office Protocol (POP3)
  • RFC 2195 – IMAP/POP AUTHorize Extension for Simple Challenge/Response
  • RFC 2384 – POP URL Scheme
  • RFC 2449 – POP3 Extension Mechanism
  • RFC 2595 – Using TLS with IMAP, POP3 and ACAP
  • RFC 3206 – The SYS and AUTH POP Response Codes
  • RFC 5034 – The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) Authentication Mechanism

See also

  • Internet Message Access Protocol
    Internet Message Access Protocol
    Internet message access protocol is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol...

     (IMAP)
  • Simple Mail Transfer Protocol
    Simple Mail Transfer Protocol
    Simple Mail Transfer Protocol is an Internet standard for electronic mail transmission across Internet Protocol networks. SMTP was first defined by RFC 821 , and last updated by RFC 5321 which includes the extended SMTP additions, and is the protocol in widespread use today...

     (SMTP)
  • Simple Mail Access Protocol
    Simple Mail Access Protocol
    The Simple Mail Access Protocol is an application layer Internet protocol for accessing e-mail stored on a server. It was introduced as part of the Courier suite, with the goal of creating a simpler and more capable alternative to IMAP....

     (SMAP)
  • E-mail client
    E-mail client
    An email client, email reader, or more formally mail user agent , is a computer program used to manage a user's email.The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal...

  • webmail
  • POP3 clients: getmail
    Getmail
    getmail is a simple mail retrieval agent intended as a replacement for fetchmail, implemented in Python. It can retrieve mail from POP3, IMAP4 and Standard Dial-up POP3 Service servers, with or without SSL...

    , fetchmail
    Fetchmail
    Fetchmail is an open source software utility for POSIX-compliant operating systems which is used to retrieve e-mail from a remote POP3, IMAP, ETRN or ODMR mail server to the user's local system. It was developed from the popclient program, written by Carl Harris.Its chief significance is perhaps...

  • email encryption

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK