Port 110: POP3 — The Post Office of the Internet

Port 110 is the address of the Internet's oldest functioning post office. When you connect to this port, you're speaking POP3, the Post Office Protocol version 3, a protocol designed for a world where being online was expensive, intermittent, and measured in minutes.

POP3 does one thing: it lets you pick up your mail and take it home.

What POP3 Does

When an email client connects to port 110, it initiates a simple conversation¹:

+OK POP3 server ready
USER alice
+OK
PASS secret
+OK alice's maildrop has 3 messages
LIST
1 1200
2 3400
3 890
RETR 1
+OK 1200 octets
[message content]
DELE 1
+OK message 1 deleted
QUIT
+OK dewstrm POP3 server signing off

That's the entire protocol. Authenticate. List messages. Retrieve them. Delete them. Quit.

There are no folders. No search. No synchronization across devices. POP3 sees only a numbered list of messages in your inbox, waiting to be claimed. This limitation was deliberate: every feature not included was a second saved on a dial-up connection.

The Three States

POP3 sessions progress through exactly three states²:

AUTHORIZATION: The client proves who it is using USER and PASS commands, sending credentials in plaintext across the network. Later versions added APOP, which uses MD5 hashing to authenticate without exposing the password directly.

TRANSACTION: The authenticated client can now work with their mail. STAT returns the count and total size. LIST enumerates each message. RETR downloads a message. DELE marks it for deletion. RSET unmarks everything. This state is where the actual work happens.

UPDATE: When the client sends QUIT, the server permanently deletes every message marked during the transaction and closes the connection. Until that QUIT arrives, nothing is truly deleted.

The Problem POP3 Solved

In 1984, email already existed. SMTP had been moving messages between servers since 1982. But there was a problem: email lived on servers, and most people didn't have servers³.

They had workstations. They had personal computers. They had dial-up modems that charged by the minute. The server that held your email was always on, always connected. You were not.

Joyce K. Reynolds at USC's Information Sciences Institute saw this gap. In October 1984, she published RFC 918, the first Post Office Protocol⁴. The idea was simple: let small machines retrieve mail from big machines, then disconnect. Your workstation doesn't need to run a mail server. It just needs to visit the post office occasionally.

The protocol was experimental. It was five pages long. It worked.

Evolution of a Protocol

POP2 arrived in 1985 with RFC 937, adding modest improvements. But the version that conquered the world was POP3, specified by Marshall Rose in RFC 1081 in November 1988⁵.

Rose, who would later be called "the inventor of the POP protocols" by colleagues, chaired the IETF's POP Working Group⁶. Under his leadership, POP3 gained features that made it robust enough for widespread deployment:

• Session states that ensured reliable, predictable interactions
• Clear response formats (+OK for success, -ERR for failure)
• Optional commands like TOP for fetching just message headers
• APOP authentication to address the plaintext password problem

The protocol was refined through RFC 1225 (1991), RFC 1460 (1993), and RFC 1725 (1994) before reaching its final form in RFC 1939, published May 1996⁷. That document, authored by John Myers and Marshall Rose, remains the current POP3 specification.

The People Behind the Protocol

Joyce K. Reynolds (1952–2015) authored or co-authored over 95 RFCs during her career at USC-ISI⁸. She worked alongside Jon Postel, the legendary editor of the RFC series, and Vint Cerf described them as functioning "in unison like a matched pair of superconducting electrons." After Postel's death in 1998, Reynolds co-led the RFC Editor function until 2006. She received the Postel Award in 2006 alongside Bob Braden for her contributions to the Internet. She died in December 2015 from complications of cancer.

Marshall T. Rose (born 1961) holds a Ph.D. in Information and Computer Science from UC Irvine⁹. Beyond POP3, he chaired the SNMP working group and transformed the Simple Gateway Monitoring Protocol into the network management framework still used today. His books on Internet messaging documented the email infrastructure he helped build.

These two people, working at different times on the same problem, created the protocol that brought email to personal computers.

The Security Problem

POP3 was designed before encryption was standard. The original protocol sends usernames and passwords in plaintext across the network¹⁰. Anyone watching the traffic, on a shared WiFi network, at an ISP, anywhere along the path, can read your credentials character by character.

The APOP command, added in RFC 1460, provided a workaround: the server sends a unique timestamp in its greeting, the client combines this with the password to generate an MD5 digest, and only the digest crosses the network. But MD5 is now considered cryptographically broken, and APOP was never widely adopted.

The real solution came separately: POP3S on port 995¹¹. This wraps the entire POP3 conversation in TLS encryption, protecting everything from the first byte. Many email services now refuse unencrypted connections on port 110 entirely.

Common vulnerabilities on port 110 include¹²:

• Credential sniffing: Passive capture of plaintext USER/PASS commands
• Brute force attacks: No rate limiting or account lockout in the protocol specification
• Man-in-the-middle attacks: Without TLS, every packet can be read or modified
• Server misconfiguration: Some servers log credentials in plaintext when debug modes are enabled

If you're still running POP3 on port 110 without TLS, every password your users type is being broadcast to anyone listening.

POP3 vs. IMAP

POP3 downloads mail and (usually) deletes it from the server. IMAP keeps mail on the server and synchronizes across devices¹³.

POP3 made sense when storage was expensive, connections were metered, and people used one computer. IMAP makes sense now, when storage is cheap, connections are constant, and people switch between phone, laptop, and desktop throughout the day.

According to Forrester's 2024 research, IMAP is now the preferred protocol for multi-device synchronization¹⁴. POP3 remains useful for specific scenarios: single-device setups, limited server storage quotas, or the desire to maintain local archives independent of any provider.

Why Port 110 Still Matters

Surprising numbers of organizations still run POP3 on port 110, including governments and enterprises¹⁵. Legacy systems built around the protocol are difficult to migrate. Workflows established over decades resist change.

Over 361 billion emails were sent daily in 2024¹⁶. Some portion of those still arrive through the post office at port 110.

The protocol persists not because it's the best option but because it works. POP3 does exactly what its creators intended: let resource-constrained clients retrieve mail from always-on servers. That the constraints have changed, that "resource-constrained" once meant a 14.4k modem and now means a smartphone with more computing power than a 1990s datacenter, doesn't change the fundamental utility.

POP3 was designed for intermittent connectivity. It turns out intermittent connectivity never went away; it just got faster.

Related Ports

• Port 25 (SMTP): Sends mail between servers, the complement to POP3's retrieval
• Port 143 (IMAP): The modern alternative for multi-device mail access
• Port 465 (SMTPS): Encrypted SMTP submission
• Port 587 (Submission): Mail submission from clients to servers
• Port 993 (IMAPS): IMAP over TLS
• Port 995 (POP3S): POP3 over TLS, the encrypted version of this port