Port 110: POP3 (Email Retrieval)

When you check your email with POP3, something philosophically different happens than with most modern protocols. Your computer doesn't view your email. Your computer becomes your email. The messages transfer from the server to your machine, and then they're gone from the server—like taking letters out of a physical mailbox.

That's not a bug. That's the entire design.

The Post Office Model

POP3—Post Office Protocol version 3—works exactly like its name suggests. Your mail server is the post office. It holds your messages until you pick them up. Once you've picked them up, the post office doesn't keep copies. The letters are yours now.

This made perfect sense in 1988 when the protocol was designed¹. Server storage was expensive. Internet connections were dial-up and metered. Your desktop computer was the only device you'd ever use to read email. Why pay to store messages on a server when you had a perfectly good hard drive?

Port 110 is where this transaction happens—the default TCP port for POP3 connections.

How a POP3 Session Works

The protocol is simple. Three states, a handful of commands, done.

Authorization: You connect to port 110 and prove who you are. The classic method sends your username and password in plaintext (yes, really—we'll get to that). USER sends your username, PASS sends your password.

Transaction: Now you interact with your mailbox. LIST shows what's waiting. RETR downloads a specific message. DELE marks one for deletion.

Update: You say QUIT, and the server deletes everything you marked. Connection closes. The post office is empty again.

No folders, no flags, no synchronization state. Just download and delete.

When Download-and-Delete Makes Sense

POP3's model creates specific trade-offs:

You own your archive. Every email you've ever received lives on your hard drive. No server quota limits. No dependency on a provider staying in business. Your email is yours in a way that server-stored email never quite is.

One device, though. Download your email on your desktop, and it's not on the server anymore. Check from your phone later? Those messages won't be there. POP3 assumes you have a computer, not computers.

Offline by default. Your entire email history is local. No Internet needed to search through years of correspondence. This mattered enormously when "online" meant tying up your phone line.

Modern POP3 clients often offer a "leave messages on server" option that softens the download-and-delete behavior. But that's swimming against the protocol's current—you get awkward partial synchronization rather than the clean simplicity POP3 was designed for.

POP3 vs. IMAP: Different Philosophies

IMAP doesn't download your email. It lets you view email that lives on the server. The server is authoritative. Your devices are just windows into it.

This means:

• Read something on your phone, it's marked read on your laptop
• Delete something anywhere, it's deleted everywhere
• Organize into folders, and every device sees the same folders

POP3 can't do this because POP3 doesn't try to do this. They're solving different problems.

Choose POP3 when: One device. Local storage. You want to own your archive outright. You're archiving a mailbox to a backup system.

Choose IMAP when: Multiple devices. You expect your email to follow you. Server storage isn't a constraint.

Neither is wrong. They're different relationships with where your email lives.

The Security Problem with Port 110

Port 110 is completely unencrypted.

Every byte between your email client and the server travels in plaintext. Your username. Your password. The love letters. The financial statements. All of it readable by anyone positioned between you and the server—your coffee shop's Wi-Fi operator, your ISP, anyone who's compromised a router along the path.

This isn't theoretical. Tools like Wireshark will show you POP3 passwords floating by in readable text.

Port 995: POP3 with Armor

POP3S—POP3 Secure—wraps the entire connection in TLS encryption from the first byte². It runs on port 995 instead of 110. Same protocol, same commands, same download-and-delete model. But everything is encrypted before it leaves your machine.

There's also STARTTLS, which starts unencrypted on port 110 and then upgrades to encryption. But this is vulnerable to downgrade attacks—an attacker can strip out the upgrade announcement, and many clients will shrug and continue unencrypted. Port 995 doesn't have this problem. Encryption isn't optional; it's the only way the connection works.

Use port 995. Always. Port 110 should only exist in network diagrams explaining why we don't use it anymore.

The Enduring Appeal

POP3 survives because simplicity has value. Not every email workflow needs synchronization across devices. Sometimes you want a protocol that does one thing—download your mail—and does it without complexity.

The post office doesn't track whether you've read your letters. It doesn't know which ones you've filed where. It just holds them until you pick them up. Your email is your business, not the server's.

Just make sure you're picking it up over an encrypted connection.

Sources