Port 995: POP3S (Secure POP3)

When you retrieve email over POP3S, something philosophically different happens compared to IMAP: the messages move from the server to your computer and—typically—disappear from the server entirely. Port 995 ensures this transfer happens securely, wrapping every byte in TLS encryption from the moment the connection begins.

This isn't just a technical detail. It's a choice about where your email lives.

The Security Model

Port 995 uses implicit TLS—encryption starts immediately, before any protocol commands are exchanged. Compare this to port 110, where the connection begins unencrypted and must upgrade to TLS using a STARTTLS command.

The difference matters. With port 110's opportunistic encryption, there's a window—brief but real—where an attacker could intercept the connection before encryption kicks in, or strip away the upgrade entirely. Port 995 eliminates this window. The TLS handshake happens first. Your credentials never travel in the clear.

This is the difference between a locked door and a door you plan to lock after you walk through it.

When POP3S Makes Sense

IMAP dominates modern email because people check email from multiple devices. But POP3S serves specific workflows that IMAP handles poorly:

Single-device email: If you access email from one computer and want messages stored locally, POP3S delivers exactly that. No synchronization complexity, no server-side storage concerns.

True offline access: POP3S downloads complete messages to your device. Once downloaded, they're yours—accessible regardless of Internet connectivity or server status. IMAP's offline mode is an approximation; POP3's is inherent.

Privacy through deletion: Some users don't want email sitting on servers indefinitely. POP3S enables immediate removal after download, minimizing exposure if your provider experiences a breach.

Storage constraints: Limited server quota? Download messages via POP3S, delete them from the server, and maintain your complete email history locally.

With POP3, your emails become files on your computer. With IMAP, they remain guests on someone else's server.

Configuration

Configuring POP3S requires specific settings:

Port: 995. This tells your client to expect implicit TLS.

Encryption: Select "SSL/TLS" or "SSL"—not STARTTLS. You want encryption from connection start.

Server: Your provider's POP3 server, typically pop.example.com or mail.example.com.

Authentication: Your email address and password. Many providers now require app-specific passwords rather than your main account credentials.

Message handling: Configure whether to delete messages from the server after download. "Leave a copy on server" provides a safety net but defeats POP3's storage advantages. Some clients offer a middle ground—delete after a set number of days.

Verify the connection shows a secure indicator (usually a lock icon) after configuration. If it doesn't, something's misconfigured.

Why IMAP Won

IMAP became dominant because email usage changed. People now access email from phones, tablets, laptops, and desktop computers—sometimes all in the same day. IMAP's server-side storage and synchronization model handles this naturally. POP3's download-to-one-device model doesn't.

But "dominant" doesn't mean "always appropriate." POP3S remains the right choice when you want your email to truly be yours—downloaded, local, and independent of server availability. The protocol is decades old, but the need it serves hasn't disappeared.