POP3 101

POP3 was developed in the dial-up networking days. POP1 was defined in 1984, POP2 in 1985 and POP3 in 1988. It is a maildrop protocol designed to minimise connect time and therefore connection costs. The user's email client opens a session to the POP3 server, authenticates, downloads new messages (attachments included, since they are simply part of the message text) to a local mail store, marks the downloaded messages for deletion and signs off. The server removes the marked messages only after the sign-off (QUIT) completes. Sending any queued outgoing mail is a separate SMTP conversation with the outgoing mail server and is not part of POP3, although a client typically does both within the same dial-up session. This is essentially how POP3 still works today.

There have been no fundamental changes to the protocol since 1988. Since then, however, extensions have been added for stronger authentication and for encrypting the session: the AUTH command with SASL mechanisms (the original list included Kerberos version 4) and the STLS command, which upgrades a plain connection to TLS before the user authenticates.

Its current specification is RFC 1939 (STD 53). RFC 2449 extends it with a capability mechanism, the CAPA command, through which a server advertises which optional commands and extensions it supports. RFC 1734 specifies the AUTH authentication command (later replaced by the SASL-based RFC 5034), and RFC 2595 specifies STLS.
It must be understood that POP3 is an access protocol for mailboxes held on a mail server. It does not define the mail server or the mailbox itself. Alternative, newer protocols such as IMAP, and webmail over HTTP, let the user work with mail directly on the server instead of downloading it.

As with other protocols, the ports used by POP3 can be the standard ones or varied to suit particular circumstances. The standard port is 110 for plain access and 995 for POP3 over TLS (historically SSL, which is now deprecated), where the TLS handshake happens before any POP3 command is exchanged. A client connecting on port 110 can also issue STLS to upgrade the connection before authenticating; without one of these, the user name and password cross the network in clear text.

Authentication is typically by a user name and password. In early implementations the user name was a simple local identifier (the part to the left of the @). Later this was changed to the full email address so that one POP3 server could host more than one email domain and so that the identifier was unambiguous. RFC 1939 also defines APOP, in which the client sends an MD5 digest of a server-supplied timestamp and the password rather than the password itself, and the AUTH command adds SASL mechanisms on top of that.

Malware, as always, is an issue, both in the email content itself and in attachments; email is one of the most common channels for malware distribution, often by way of spam. The POP3 standard itself says nothing about message structure or content. What it does offer is the optional TOP command, which returns a message's headers and the first n lines of its body, and UIDL, which gives each message a stable identifier. Email clients and mail-scanning software use these to inspect a message before deciding whether to download it in full with RETR.

Some commercial implementations of POP3 use non-standard ports set in the mail server configuration, which must then be replicated in the client configuration. This is sometimes described as a security measure, but a port scan finds the service in seconds and a non-standard port does nothing to protect credentials in transit; TLS, rate limiting of failed logins and a server that gives the same response to USER for known and unknown names are the controls that actually matter. POP3 servers are often attacked with the aim of harvesting valid user names and passwords for a later spam run. In some cases mail is then sent with the captured credentials, pretending to be from that user, to deceive the recipient.

The standard behaviour is that a message is removed only if the client marked it with DELE and then signed off cleanly with QUIT; a dropped connection leaves the maildrop unchanged. Two further mechanisms affect retention. On the client side, the "leave messages on server" option relies on UIDL to recognise messages it has already downloaded and simply never issues DELE. On the server side, the administrator can configure an expiry period after which downloaded mail is removed regardless of what the client did, and RFC 2449 lets the server advertise that policy to clients through the EXPIRE capability.
Finally, because POP3 is a text-based protocol driven by a command stream, it is possible to connect directly to the mail server, for example with telnet on port 110 (or openssl s_client -connect host:995 for the TLS port), and interact with it in command mode. A client mail-collection session can be carried out by hand: USER sends the user name, PASS sends the password, and the server answers each command with +OK or -ERR.
Messages are numbered within the session. LIST shows every message with its number and size, and RETR <message number> retrieves a message, returned as a multi-line response that ends with a line containing a single dot. Very simple. Bear in mind that telnet sends the password in clear text, so do this only over TLS or on a network you trust.
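The session described above, as an added example that is not part of the original page: a minimal in-memory POP3 server state machine written for this article, following the AUTHORIZATION, TRANSACTION and UPDATE states of RFC 1939 and handling USER, PASS, STAT, LIST, TOP, RETR, DELE and QUIT, driven by a scripted client. The maildrop contents, the user name alice@example.com and its password are constructed for the example and nothing touches the network. It shows the byte-stuffing of body lines that begin with a dot, TOP returning only the headers plus a requested number of body lines, and deletions taking effect only on QUIT and not on a dropped connection.

```python
# Minimal in-memory POP3 server state machine plus a scripted client session.
# The maildrop, user name and password below are constructed for this example.
import hmac

CRLF = "\r\n"

# Constructed sample maildrop: each message is a list of lines (headers, blank line, body).
MAILDROP = [
    ["From: alice@example.com", "Subject: hello", "",
     "First line.", ".hidden dot line", "Bye."],
    ["From: bob@example.com", "Subject: report", "", "See attached."],
]
USERS = {"alice@example.com": "s3cret"}   # constructed; plaintext for illustration only

def stuff(lines):
    """Byte-stuff a multi-line reply (RFC 1939 section 3): a line starting with
    '.' gets a second '.' prepended; a lone '.' terminates the reply."""
    out = ["." + l if l.startswith(".") else l for l in lines]
    return CRLF.join(out + ["."]) + CRLF

def unstuff(reply):
    """Client side: drop the status line, cut at the terminator, undo stuffing."""
    lines = reply.split(CRLF)[1:]
    body = lines[:lines.index(".")]
    return [l[1:] if l.startswith("..") else l for l in body]

class Pop3Server:
    """Walks the AUTHORIZATION -> TRANSACTION -> UPDATE states of RFC 1939."""

    def __init__(self, maildrop, users):
        self.msgs = [list(m) for m in maildrop]
        self.users = users
        self.state = "AUTHORIZATION"
        self.user = None
        self.deleted = set()

    def _size(self, n):
        return sum(len(l) + 2 for l in self.msgs[n - 1])   # octets incl. CRLF

    def handle(self, line):
        """Process one client command and return the complete server reply."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if self.state == "AUTHORIZATION":
            if cmd == "USER":
                self.user = arg
                return "+OK" + CRLF                 # never confirm the name exists
            if cmd == "PASS":
                expected = self.users.get(self.user, "")
                if self.user and hmac.compare_digest(expected.encode(), arg.encode()):
                    self.state = "TRANSACTION"
                    return "+OK maildrop locked and ready" + CRLF
                return "-ERR authentication failed" + CRLF   # same text either way
            if cmd == "QUIT":
                self.state = "UPDATE"
                return "+OK" + CRLF
            return "-ERR not authenticated" + CRLF
        if self.state != "TRANSACTION":
            return "-ERR session closed" + CRLF
        live = [n for n in range(1, len(self.msgs) + 1) if n not in self.deleted]
        if cmd == "STAT":
            return f"+OK {len(live)} {sum(self._size(n) for n in live)}" + CRLF
        if cmd == "LIST":
            return f"+OK {len(live)} messages" + CRLF + stuff(
                [f"{n} {self._size(n)}" for n in live])
        if cmd in ("RETR", "TOP", "DELE"):
            parts = arg.split()
            n = int(parts[0]) if parts and parts[0].isdigit() else 0
            if n not in live:
                return "-ERR no such message" + CRLF
            if cmd == "DELE":
                self.deleted.add(n)                 # only marked; removed at QUIT
                return "+OK message marked for deletion" + CRLF
            lines = self.msgs[n - 1]
            if cmd == "TOP":
                # headers, the blank separator line, then at most N body lines
                want = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
                sep = lines.index("") if "" in lines else len(lines)
                lines = lines[:sep + 1] + lines[sep + 1:sep + 1 + want]
            return f"+OK {self._size(n)} octets" + CRLF + stuff(lines)
        if cmd == "QUIT":
            # UPDATE state: deletions take effect only on a clean sign-off
            self.msgs = [m for n, m in enumerate(self.msgs, 1) if n not in self.deleted]
            self.state = "UPDATE"
            return "+OK goodbye" + CRLF
        return "-ERR unknown command" + CRLF

    def disconnect(self):
        """Connection dropped without QUIT: no UPDATE, marked messages survive."""
        self.deleted.clear()
        self.state = "UPDATE"

def demo():
    """One typical collection session; returns the server and every reply."""
    server = Pop3Server(MAILDROP, USERS)
    script = ["USER alice@example.com", "PASS s3cret", "STAT", "LIST",
              "TOP 1 1", "RETR 1", "DELE 1", "QUIT"]
    return server, [server.handle(c) for c in script]
```

Calling demo() returns the server together with the reply to each command, so printing the replies gives the same transcript you would see over telnet. Two details are deliberate: the server answers USER with +OK regardless of whether the name exists and uses one failure message for PASS, so an attacker cannot enumerate valid accounts, and disconnect() shows that a connection which dies before QUIT leaves the maildrop untouched, which is why a client that crashes mid-session sees the same messages again next time.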