 | This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) (Learn how and when to remove this message)
|
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
| Link layer |
In computing, thePost Office Protocol (POP) is anapplication-layerInternet standardprotocol used bye-mail clients to retrievee-mail from a mail server.[1] Today, POP version 3 (POP3) is the most commonly used version. Together withIMAP, it is one of the most common protocols for email retrieval.
The Post Office Protocol provides access via anInternet Protocol (IP) network for a user client application to a mailbox (maildrop) maintained on a mail server. The protocol supports list, retrieve and delete operations for messages. POP3 clients connect, retrieve all messages, store them on the client computer, and finally delete them from the server.[2] This design of POP and its procedures was driven by the need of users having only temporary Internet connections, such asdial-up access, allowing these users to retrieve e-mail when connected, and subsequently to view and manipulate the retrieved messages when offline.
POP3 clients also have an option to leave mail on the server after retrieval, and in this mode of operation, clients will only download new messages which are identified by using the UIDL command (unique-id list). By contrast, theInternet Message Access Protocol (IMAP) was designed to normally leave all messages on the server to permit management with multiple client applications, and to support both connected (online) and disconnected (offline) modes of operation.
A POP3 server listens on TCPwell-known port number 110 for service requests.Encrypted communication for POP3 is either requested after protocol initiation, using theSTLS command, if supported, or by POP3S, which connects to the server usingTransport Layer Security (TLS) orSecure Sockets Layer (SSL) on well-knownTCPport number 995.
Messages available to the client are determined when a POP3 session opens the maildrop, and are identified by message-number local to thatsession or, optionally, by a unique identifier assigned to the message by the POP server. This unique identifier is permanent and unique to the maildrop and allows a client to access the same message in different POP sessions. Mail is retrieved and marked for deletion by the message-number. When the client exits the session, mail marked for deletion is removed from the maildrop.
The first version of the Post Office Protocol, POP1, was specified in RFC 918 (1984) byJoyce K. Reynolds. POP2 was specified in RFC 937 (1985).
POP3 is the version in most common use. It originated with RFC 1081 (1988) but the most recent specification is RFC 1939, updated with an extension mechanism (RFC 2449) and an authentication mechanism in RFC 1734. This led to a number of POP implementations such as Pine,POPmail, and other early mail clients.
While the original POP3 specification supported only an unencrypted USER/PASSlogin mechanism or Berkeley.rhosts access control, today POP3 supports severalauthentication methods to provide varying levels of protection against illegitimate access to a user's e-mail. Most are provided by the POP3 extension mechanisms. POP3 clients supportSASL authentication methods via the AUTH extension.MITProject Athena also produced aKerberized version. RFC 1460 introduced APOP into the core protocol. APOP is achallenge–response protocol which uses theMD5hash function in an attempt to avoidreplay attacks and disclosure of theshared secret. Clients implementing APOP includeMozilla Thunderbird, Opera Mail,Eudora,KMail,Novell Evolution, RimArts'Becky!,[3]Windows Live Mail, PowerMail,Apple Mail, andMutt. RFC 1460 was obsoleted by RFC 1725, which was in turn obsoleted by RFC 1939.
POP4 exists only as an informal proposal adding basic folder management, multipart message support, as well as message flag management to compete with IMAP; however, its development has not progressed since 2003. There are now two known POP4 server implementations. As of October 2013, the POP4.org domain and website are now hosted by simbey.com, which also runs the other POP4server implementation.[4]
An extension mechanism was proposed in RFC 2449 to accommodate general extensions as well as announce in an organized manner support for optional commands, such as TOP and UIDL. The RFC did not intend to encourage extensions, and reaffirmed that the role of POP3 is to provide simple support for mainly download-and-delete requirements of mailbox handling.
The extensions are termed capabilities and are listed by the CAPA command. With the exception of APOP, the optional commands were included in the initial set of capabilities. Following the lead of ESMTP (RFC 5321), capabilities beginning with an X signify local capabilities.
The STARTTLS extension allows the use ofTransport Layer Security (TLS) orSecure Sockets Layer (SSL) to be negotiated using theSTLS command, on the standard POP3 port, rather than an alternate. Some clients and servers instead use the alternate-port method, which uses TCP port 995 (POP3S).
Demon Internet introduced extensions to POP3 that allow multiple accounts per domain, and has become known asStandard Dial-up POP3 Service (SDPS).[5] To access each account, the username includes the hostname, asjohn@hostname orjohn+hostname.
Google Apps uses the same method.[6]
Incomputing, locale-mail clients can use theKerberized Post Office Protocol (KPOP), anapplication-layerInternet standardprotocol, to retrievee-mail from a remoteserver over aTCP/IP connection. The KPOP protocol is based on the POP3 protocol – differing in that it addsKerberos security and that it runs by default overTCP port number 1109 instead of 110. One mail server software implementation is found in theCyrus IMAP server.
The following POP3 session dialog is an example in RFC 1939:[7]
S: <wait for connection on TCP port 110>C: <open connection>S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>C: APOP mrose c4c9334bac560ecc979e58001b3e22fbS: +OK mrose's maildrop has 2 messages (320 octets)C: STATS: +OK 2 320C: LISTS: +OK 2 messages (320 octets)S: 1 120S: 2 200S: .C: RETR 1S: +OK 120 octetsS: <the POP3 server sends message 1>S: .C: DELE 1S: +OK message 1 deletedC: RETR 2S: +OK 200 octetsS: <the POP3 server sends message 2>S: .C: DELE 2S: +OK message 2 deletedC: QUITS: +OK dewey POP3 server signing off (maildrop empty)C: <close connection>S: <wait for next connection>
POP3 servers without the optional APOP command expect the client to log in with the USER and PASS commands:
C: USER mroseS: +OK User acceptedC: PASS tanstaafS: +OK Pass accepted
TheInternet Message Access Protocol (IMAP) is an alternative and more recent mailbox access protocol. The highlights of differences are:
