Post Office Protocol

This article needs additional citations for verification. Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (November 2007)

Internet Protocol Suite
Application Layer
BGP · DHCP · DNS · FTP · HTTP · IMAP · IRC · LDAP · MGCP · NNTP · NTP · POP · RIP · RPC · RTP · SIP · SMTP · SNMP · SOCKS · SSH · Telnet · XMPP · (more)
Transport Layer
TCP · TLS/SSL · UDP · DCCP · SCTP · RSVP · ECN · (more)
Internet Layer
IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more)
Link Layer
ARP/InARP · NDP · OSPF · Tunnels (L2TP) · PPP · Media Access Control (Ethernet, DSL, ISDN, FDDI) · (more)
v · d · e

In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.^[1] POP and IMAP (Internet Message Access Protocol) are the two most prevalent Internet standard protocols for e-mail retrieval.^[2] Virtually all modern e-mail clients and servers support both. The POP protocol has been developed through several versions, with version 3 (POP3) being the current standard. Like IMAP, POP3 is supported by most webmail services such as Hotmail, Gmail and Yahoo! Mail.

Contents 1 Overview 2 History 3 Extensions 3.1 STLS 3.2 SDPS 4 Comparison with IMAP 5 Dialog example 6 Server implementations 7 Related Requests For Comments (RFCs) 8 See also 9 References 10 Further reading 11 External links

[edit] Overview

POP supports simple download-and-delete requirements for access to remote mailboxes (termed maildrop in the POP RFC's).^[3] Although most POP clients have an option to leave mail on server after download, e-mail clients using POP generally connect, retrieve all messages, store them on the user's PC as new messages, delete them from the server, and then disconnect. Other protocols, notably IMAP, (Internet Message Access Protocol) provide more complete and complex remote access to typical mailbox operations. Many e-mail clients support POP as well as IMAP to retrieve messages; however, fewer Internet Service Providers (ISPs) support IMAP^{[citation needed]}.

A POP3 server listens on well-known port 110. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port 995 (e.g. Google Gmail).

Available messages to the client are fixed when a POP session opens the maildrop, and are identified by message-number local to that session or, optionally, by a unique identifier assigned to the message by the POP server. This unique identifier is permanent and unique to the maildrop and allows a client to access the same message in different POP sessions. Mail is retrieved and marked for deletion by message-number. When the client exits the session, the mail marked for deletion is removed from the maildrop.

[edit] History

POP (POP1) is specified in RFC 918, POP2 by RFC 937. The original specification of POP3 is RFC 1081. Its current specification is RFC 1939, updated with an extension mechanism, RFC 2449 and an authentication mechanism in RFC 1734.

POP2 has been assigned well-known port 109.

The original POP3 specification supported only an unencrypted USER/PASS login mechanism or Berkeley .rhosts access control. POP3 currently supports several authentication methods to provide varying levels of protection against illegitimate access to a user's e-mail. Most are provided by the POP3 extension mechanisms. POP3 clients support SASL authentication methods via the AUTH extension. MIT Project Athena also produced a Kerberized version.

RFC 1460 introduced APOP into the core protocol. APOP is a challenge/response protocol which uses the MD5 hash function in an attempt to avoid replay attacks and disclosure of the shared secret. Clients implementing APOP include Mozilla Thunderbird, Opera Mail, Eudora, KMail, Novell Evolution, RimArts' Becky!,^[4] Windows Live Mail, PowerMail, and Mutt.

An informal proposal has been outlined for a POP4 specification, complete with a working server implementation. The proposed POP4 extension adds basic folder management, multipart message support, as well as message flag management, allowing for a light protocol which supports some popular IMAP features which POP3 currently lacks. However, in doing so, it shares with IMAP the embedding in a communication protocol a specific model of a mailbox, which, although common, is not universal.

No progress has been observed in the POP4 specification since 2003.

[edit] Extensions

An extension mechanism was proposed in RFC 2449 to accommodate general extensions as well as announce in an organized manner support for optional commands, such as TOP and UIDL. The RFC did not intend to encourage extensions, and reaffirmed that the role of POP3 is to provide simple support for mainly download-and-delete requirements of mailbox handling.

The extensions are termed capabilities and are listed by the CAPA command. Except for APOP, the optional commands were included in the initial set of capabilities. Following the lead of ESMTP (RFC 2821), capabilities beginning with an X signify local capabilities.

[edit] STLS

POP uses the Transmission Control Protocol on port number 110. Transmission may be encrypted using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). This is negotiated in the POP3 protocol using the STLS command. Some clients and servers, such as Google Gmail, instead use the deprecated alternate-port method, which uses TCP port 995 (POP3S).

[edit] SDPS

Demon Internet introduced extensions to POP3 that allow multiple accounts per domain, and has become known as Standard Dial-up POP3 Service (SDPS).[1] To access each account, the username includes the hostname, as john@hostname or john+hostname.

Google Apps uses the same method.

[edit] Comparison with IMAP

Clients that leave mail on servers generally use the UIDL command to get the current association of message-numbers to message identified by its unique identifier. The unique identifier is arbitrary, and might be repeated if the mailbox contains identical messages. In contrast, IMAP uses a 32-bit unique identifier (UID) that is assigned to messages in ascending (although not necessarily consecutive) order as they are received. When retrieving new messages, an IMAP client requests the UIDs greater than the highest UID among all previously-retrieved messages, whereas a POP client must fetch the entire UIDL map. For large mailboxes, this can require significant processing.

MIME serves as the standard for attachments and non-ASCII text in e-mail. Although neither POP3 nor SMTP require MIME-formatted e-mail, essentially all non-ASCII Internet e-mail comes MIME-formatted, so POP clients must also understand and use MIME. IMAP, by design, assumes MIME-formatted e-mail.

[edit] Dialog example

The APOP usage is a direct example from RFC 1939 page 16.

RFC 1939 APOP support indicated by <1896.697170952@dbc.mtview.ca.us> here:

S: <wait for connection on TCP port 110>
C: <open connection>
S:    +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C:    APOP mrose c4c9334bac560ecc979e58001b3e22fb
S:    +OK mrose's maildrop has 2 messages (320 octets)
C:    STAT
S:    +OK 2 320
C:    LIST
S:    +OK 2 messages (320 octets)
S:    1 120
S:    2 200
S:    .
C:    RETR 1
S:    +OK 120 octets
S:    <the POP3 server sends message 1>
S:    .
C:    DELE 1
S:    +OK message 1 deleted
C:    RETR 2
S:    +OK 200 octets
S:    <the POP3 server sends message 2>
S:    .
C:    DELE 2
S:    +OK message 2 deleted
C:    QUIT
S:    +OK dewey POP3 server signing off (maildrop empty)
C:  <close connection>
S:  <wait for next connection>

POP3 servers without the optional APOP command expect the client to log in with the USER and PASS commands:

C:    USER mrose
S:    +OK User accepted
C:    PASS tanstaaf
S:    +OK Pass accepted

[edit] Server implementations

• Apache James
• Citadel/UX
• Courier Mail Server
• Cyrus IMAP server
• Dovecot
• Eudora Internet Mail Server
• Mailtraq
• Nginx
• qmail-pop3d
• Qpopper
• RePOP
• UW IMAP
• Zimbra

[edit] Related Requests For Comments (RFCs)

• RFC 918 - POST OFFICE PROTOCOL
• RFC 937 - POST OFFICE PROTOCOL - VERSION 2
• RFC 1081 - Post Office Protocol - Version 3
• RFC 1939 – Post Office Protocol - Version 3 (STD 53)
• RFC 1957 – Some Observations on Implementations of the Post Office Protocol (POP3)
• RFC 2195 – IMAP/POP AUTHorize Extension for Simple Challenge/Response
• RFC 2384 – POP URL Scheme
• RFC 2449 – POP3 Extension Mechanism
• RFC 2595 – Using TLS with IMAP, POP3 and ACAP
• RFC 3206 – The SYS and AUTH POP Response Codes
• RFC 5034 – The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) Authentication Mechanism

[edit] See also

• Internet Message Access Protocol (IMAP)
• Simple Mail Transfer Protocol (SMTP)
• Simple Mail Access Protocol (SMAP)
• E-mail client
• webmail
• POP3 clients: getmail, fetchmail
• email encryption

[edit] References

[edit] Further reading

• Hughes, L (1998). Internet e-mail Protocols, Standards and Implementation. Artech House Publishers. ISBN 0890069395. 
• Johnson, K (2000). Internet Email Protocols: A Developer's Guide. Addison-Wesley Professional. ISBN 0201432889. 
• Loshin, P (1999). Essential Email Standards: RFCs and Protocols Made Practical. John Wiley & Sons. ISBN 0471345970. 
• Rhoton, J (1999). Programmer's Guide to Internet Mail: SMTP, POP, IMAP, and LDAP. Elsevier. ISBN 1555582125. 
• Wood, D (1999). Programming Internet Mail. O'Reilly. ISBN 1565924797. 

[edit] External links

• IANA port number assignments
• POP3 Sequence Diagram (PDF)
• POP4 Proposal Website

v · d · eE-mail clients Open source Alpine · Arachne · Balsa · BlitzMail · Citadel/UX · Classilla · Claws Mail · Columba · Cone · Elm · Evolution · fetchmail · getmail · GNUMail · Gnus · Gnuzilla · KMail · Mahogany · Mailody · Modest · Mozilla Thunderbird · Mulberry · Mutt · nmh / MH · Novell Evolution · RoundCube · SeaMonkey · sendEmail · SimpleMail · Spicebird · SquirrelMail · Sylpheed · Wanderlust · YAM · Zimbra Freeware ChatterEmail · Denshin 8 go · eM Client · Eudora · Foxmail · i.Scribe · IncrediMail · Mailsmith · Opera Mail · Wanderlust · Windows Live Mail Retail Apple Mail · IBM Lotus Notes · InScribe · Microsoft Office Outlook · Novell GroupWise · Sparrow · Turnpike · Bloomba/WordPerfect Mail Shareware Becky! · Eureka Email · Forté Agent · Gemini (mail/news) · GyazMail · Pocomail · The Bat! Donationware Forté Agent · Pegasus Mail Discontinued Beonex Communicator · cc:Mail · Claris Emailer · Columbia MM · Courier · Cyberdog · Cyberjack · Hula · Meldware Communication Suite · Microsoft Entourage · Microsoft Internet Mail and News · MINUET · Mozilla Mail & Newsgroups · NeXTMail · Netscape Mail · Netscape Messenger 9 · Omni Mobile · Outlook Express · Pine · POPmail · Windows Mail · Windows Messaging Related technologies Extended SMTP · IMAP · POP · Push-IMAP · SMAP · SMTP · UUCP Related articles E-mail · Unicode and e-mail Category · Comparison · List