The design of POP3 and its procedures supports end-users with intermittent connections (such as dial-up connections), allowing these users to retrieve e-mail when connected and then to view and manipulate the retrieved messages without needing to stay connected. Although most clients have an option to leave mail on server, e-mail clients using POP3 generally connect, retrieve all messages, store them on the user's PC as new messages, delete them from the server, and then disconnect. In contrast, the newer, more capable Internet Message Access Protocol (IMAP) supports both connected (online) and disconnected (offline) modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other aspects of IMAP operation allow multiple clients to access the same mailbox. Most e-mail clients support either POP3 or IMAP to retrieve messages; however, fewer Internet Service Providers (ISPs) support IMAP. The fundamental difference between POP3 and IMAP4 is that POP3 offers access to a mail drop; the mail exists on the server until it is collected by the client. Even if the client leaves some or all messages on the server, the client's message store is considered authoritative. In contrast, IMAP4 offers access to the mail store; the client may store local copies of the messages, but these are considered to be a temporary cache; the server's store is authoritative.
Clients with a leave mail on server option generally use the POP3 UIDL (Unique IDentification Listing) command. Most POP3 commands identify specific messages by their ordinal number on the mail server. This creates a problem for a client intending to leave messages on the server, since these message numbers may change from one connection to the server to another. For example if a mailbox contains five messages at last connect, and a different client then deletes message #3, the next connecting user will find the last two messages' numbers decremented by one. UIDL provides a mechanism to avoid these numbering issues. The server assigns a string of characters as a permanent and unique ID for the message. When a POP3-compatible e-mail client connects to the server, it can use the UIDL command to get the current mapping from these message IDs to the ordinal message numbers. The client can then use this mapping to determine which messages it has yet to download, which saves time when downloading. IMAP has a similar mechanism, a 32-bit unique identifier (UID) that must be assigned to messages in ascending (although not necessarily consecutive) order as they are received. Because IMAP UIDs are assigned in this manner, to retrieve new messages an IMAP client need only request the UIDs greater than the highest UID among all previously-retrieved messages, whereas a POP client must fetch the entire UIDL map. For large mailboxes, this difference can be significant.
Whether using POP3 or IMAP to retrieve messages, e-mail clients typically use the SMTP_Submit profile of the Simple Mail Transfer Protocol (SMTP) to send messages. E-mail clients are commonly categorized as either POP or IMAP clients, but in both cases the clients also use SMTP. There are extensions to POP3 that allow some clients to transmit outbound mail via POP3 - these are known as "XTND XMIT" extensions. The Qualcomm qpopper and CommuniGate Pro servers and Eudora clients are examples of systems that optionally utilize the XTND XMIT methods of authenticated client-to-server e-mail transmission.
MIME serves as the standard for attachments and non-ASCII text in e-mail. Although neither POP3 nor SMTP require MIME-formatted e-mail, essentially all Internet e-mail comes MIME-formatted, so POP clients must also understand and use MIME. IMAP, by design, assumes MIME-formatted e-mail.
Like many other older Internet protocols, POP3 originally supported only an unencrypted login mechanism. Although plain text transmission of passwords in POP3 still commonly occurs, POP3 currently supports several authentication methods to provide varying levels of protection against illegitimate access to a user's e-mail. One such method, APOP, uses the MD5 hash function in an attempt to avoid replay attacks and disclosure of the shared secret. Clients implementing APOP include Mozilla Thunderbird, Opera, Eudora, KMail, Novell Evolution, Windows Live Mail, PowerMail, and Mutt. POP3 clients can also support SASL authentication methods via the AUTH extension. MIT Project Athena also produced a Kerberized version.
POP3 works over a TCP/IP connection using TCP on network port 110. E-mail clients can encrypt POP3 traffic using TLS or SSL. A TLS or SSL connection is negotiated using the STLS command. Some clients and servers, like Google Gmail, instead use the deprecated alternate-port method, which uses TCP port 995.
bold letters==Dialog example== RFC 1939 APOP support indicated by <firstname.lastname@example.org> here:
S: +OK POP3 server ready <email@example.com>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK mrose's maildrop has 2 messages (320 octets)
S: +OK 2 320
S: +OK 2 messages (320 octets)
S: 1 120
S: 2 200
C: RETR 1
S: +OK 120 octets
C: DELE 1
S: +OK message 1 deleted
C: RETR 2
S: +OK 200 octets
C: DELE 2
S: +OK message 2 deleted
S: +OK dewey POP3 server signing off (maildrop empty)
POP3 servers without the optional APOP command expect you to log in with the USER and PASS commands:
C: USER mrose
S: +OK User accepted
C: PASS mrosepass
S: +OK Pass accepted
While not yet an official standardized mail protocol, a proposal has been outlined for a POP4 specification, complete with a working server implementation.
The proposed POP4 extension adds basic folder management, multipart message support, as well as message flag management, allowing for a light protocol which supports some popular IMAP features which POP3 currently lacks.
No progress has been observed in the POP4 specification since 2003.
Demon Internet introduced extensions to POP3 that allow multiple accounts per domain, and has become known as Standard Dial-up POP3 Service (SDPS).
To access each account, the username includes the hostname, as john@hostname or john+hostname.