Home > Help Center > Shared Hosting > Email > POP3 Mail Protocol

POP3 Mail Protocol

The POP3 protocol was created when Internet services were largely dependent on the insufficient resources at that time, such as disk space and the impossibility of establishing a permanent Internet connection due to high costs and a lack of infrastructure.

Therefore, the primary function of POP3 client was (and still remains) to establish a connection to a mail server, to download the mail to the local computer, to delete messages from the server, and to close the connection.

POP3 is not intended to provide extensive manipulation of mail on the server - it just downloads messages and deletes them.

POP3 constraints and the need from extended functionality and more features are the main reasons for creating a modern, functions-rich and user-friendly IMAP mail protocol.

In which cases POP3 seems to be more preferable than IMAP?

  • When you have insufficient disk space on the mail server
  • If you often stay in places without internet access, and want your mail to be at your disposal.
  • If you do not want your mail to reside on a server beyond your control.

In any case, this does not mean that IMAP does not provide adequate solution to the above situations.

How does POP3 mail protocol work?

The POP3 server listens for TCP connections on standard ports 110 and 995 (SSL/TLS).

The client establishes a TCP connection and the POP3 server sends a greeting. The client and the POP3 server exchange commands and responses until the connection is closed or aborted.

  • POP3 commands consists of a non-case-sensitive keyword followed by one or more arguments.

  • POP3 responses consist of a status indicator and a keyword eventually followed by additional information.

POP3 Session States

Each POP3 session passes through several states:

  • Authorization
  • Transaction
  • Update

After the TCP connection is established and POP3 server sends a greeting:

S: + OK POP3 server ready

the session enters Authorization state.

The client must now identify and authenticate itself to the POP3 server.

Two authentication mechanisms are provided - a combination of USER and PASS commands and the APOP command.

Normally, each POP3 session starts with a USER/PASS exchange.

To authenticate using the USER and PASS combination, the client must first issue the USER command.

If the POP3 server responds positively to the status indicator ("+ OK") the client may either issue the PASS command to complete the authentication or the QUIT command to terminate the POP3 session.

C:    USER pop3user
S:    +OK User accepted
C:    PASS secret098
S:    +OK Pass accepted

APOP is an alternative authentication method that uses the original USER/PASS authentication without sending an unsecured password over the network.

APOP is composed of a string that identifies the mail and an MD5 encrypted unique identifier:



  • Process-ID - the decimal value of the process's PID
  • Clock - the decimal value of the system clock
  • Hostname - the fully-qualified domain name corresponding to the host where the POP3 server is running.
S: +OK POP3 server ready <1896.697170952@example.com>
C: APOP pop3user b4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)

Once the client has successfully authenticated to the POP3 server and the POP3 server has locked and opened the corresponding maildrop, the POP3 session is now in Transaction state.

Maildrop is a mail delivery agent (MDA) and POP3 is responsible to permit access to the maildrop.

Now the client can send each POP3 commands multiple times. POP3 server returns a response to each sent command. Finally, the client issues the QUIT command and the POP3 session enters the Update state.

The POP3 server marks each message as deleted. Any future reference to a marked message number will generate an error.

The POP3 server does not actually delete any messages until the POP3 session enters the Update state.

When the client issues the QUIT command from the Transaction state, the POP3 session enters the Update state. If the client issues the QUIT command from the Authorization state, the POP3 session is discontinued but does not enter Update state.

If the session ends for any reason other than issuing the QUIT command, POP3 session does not enter Update and do not remove messages from maildrop.

The POP3 server removes all messages marked as deleted upon issuing the QUIT command by the client. The server releases any exclusive-access lock on the maildrop and closes the TCP connection.

Example POP3 Session

S: <wait for connection on TCP port 110>
C: <open connection>
S:    +OK POP3 server ready <1896.697170952@example.com>
C:    APOP pop3user b4c9334bac560ecc979e58001b3e22fb
S:    +OK pop3user's maildrop has 2 messages (320 octets)
C:    STAT
S:    +OK 2 320
C:    LIST
S:    +OK 2 messages (320 octets)
S:    1 120
S:    2 200
S:    .
C:    RETR 1
S:    +OK 120 octets
S:    <the POP3 server sends message 1>
S:    .
C:    DELE 1
S:    +OK message 1 deleted
C:    RETR 2
S:    +OK 200 octets
S:    <the POP3 server sends message 2>
S:    .
C:    DELE 2
S:    +OK message 2 deleted
C:    QUIT
S:    +OK dewey POP3 server signing off (maildrop empty)
C:  <close connection>
S:  <wait for next connection>


In spite of its limited functionality, the POP3 protocol is supported by all modern mail servers, including Dovecot, which is used for incoming mail server by cPanel.

#email #server #overview

Still not finding what you're looking for?

Contact our support team with any additional questions or concerns.

Contact support