anavem.
Back to Glossary
P

POP3 (Post Office Protocol v3)

POP3 is an email protocol that downloads messages from a mail server to a local device, typically removing them from the server after retrieval.

What is POP3?

Post Office Protocol version 3 (POP3) is an email retrieval protocol that allows a client to download emails from a mail server to a local device. Once downloaded, messages are usually deleted from the server, although some clients allow keeping a copy. POP3 is one of the oldest email access protocols and is still supported for compatibility and simple use cases.

Why POP3 matters

POP3 remains relevant because it:

  • Enables offline access to emails
  • Uses minimal server storage
  • Is simple to configure and operate
  • Works well for single-device usage
  • Is supported by nearly all mail servers

However, it is less suited for modern, multi-device environments.

How POP3 works (simplified)

A typical POP3 workflow:

  1. The email client connects to the POP3 server
  2. Messages are authenticated and listed
  3. Emails are downloaded to the local device
  4. Messages are deleted from the server (by default)
  5. The connection is closed

POP3 sessions are stateless and short-lived.

POP3 vs IMAP

AspectPOP3IMAP
StorageLocalServer-side
Multi-device syncNoYes
Offline accessStrongPartial
Server usageLowHigher
Modern usageLimitedPreferred

IMAP is generally recommended for most users today.

POP3 ports and security

Common POP3 configurations:

  • Port 110 – POP3 (STARTTLS)
  • Port 995 – POP3S (POP3 over TLS)

Best practice is to use POP3 over TLS (port 995) to protect credentials and email content.

POP3 and security considerations

From a security perspective:

  • POP3 transmits credentials and emails unless encrypted
  • POP3 access is often targeted after phishing attacks
  • Compromised POP3 credentials can enable data exfiltration
  • POP3 lacks native support for modern auth mechanisms

Many organizations restrict or disable POP3 for security reasons.

POP3 in enterprise environments

POP3 is typically used for:

  • Legacy systems or applications
  • Simple mail access on a single device
  • Low-bandwidth or intermittent connections
  • Transitional setups during migrations

Enterprises increasingly favor IMAP or API-based access instead.

POP3 limitations

POP3 does not:

  • Sync email state across devices
  • Preserve server-side folders reliably
  • Support real-time updates
  • Integrate well with modern identity controls

These limitations make it less suitable for cloud-first environments.

Common misconceptions

  • "POP3 is more secure than IMAP"
  • "POP3 is obsolete everywhere"
  • "POP3 supports multi-device sync"
  • "POP3 encrypts email by default"