POP3

POP3 was designed in the 1980s when users had one computer and server storage was expensive. The model is simple: connect to the server, download all new messages, delete them from the server, disconnect. This keeps the server clean and gives you a local copy. The problem is that "local" means exactly one device — your phone won't see messages your laptop already downloaded. Modern multi-device use requires IMAP, which keeps messages on the server and synchronises state across devices.

POP3 vs IMAP vs Exchange/ActiveSync

POP3 ports: 110 and 995

POP3 uses two well-known ports. Port 110 is the original plaintext port — the entire session including your username and password travels unencrypted. Using port 110 on any network other than a trusted local network exposes credentials to anyone who can intercept traffic. Port 995 is POP3S — POP3 wrapped in TLS — and is the only port that should be used in practice. All modern email clients default to port 995. Many providers have permanently disabled port 110 and reject unencrypted connections entirely. When configuring a mail client manually, always choose SSL/TLS on port 995, not STARTTLS on port 110.

POP3 session flow

A POP3 session proceeds through three defined phases:

• Authorisation phase: the client connects and authenticates. Commands: USER username followed by PASS password, or AUTH for SASL-based mechanisms. The server responds with +OK on success or -ERR on failure.
• Transaction phase: the client retrieves message information and downloads mail. Key commands: STAT (returns message count and total size), LIST (lists individual message numbers and sizes), RETR n (downloads the full text of message n), DELE n (marks message n for deletion — not deleted yet), NOOP (keeps the connection alive), RSET (unmarks all deletions).
• Update phase: triggered by the QUIT command. The server executes all pending DELE operations, then closes the TCP connection. Messages marked with DELE are permanently removed from the server at this point.

The entire protocol is ASCII text commands over a TCP connection, making it straightforward to test manually: openssl s_client -connect mail.example.com:995 opens a TLS connection where you can type POP3 commands directly and read the responses.

Why POP3 is still used

Despite IMAP's dominance, POP3 has specific legitimate use cases in 2025:

• Privacy and data ownership: messages are downloaded to your device and removed from the provider's server. If the provider is compromised, breached, or closes, your email archive is safe locally.
• Offline-first workflows: users who deliberately want all email in a local client (Thunderbird, Outlook) with no dependency on server uptime.
• Archiving pipelines: automated scripts that ingest email from a mailbox into a database or processing queue, where server-side folder management is irrelevant.
• Avoiding server storage quotas: for free email accounts with limited storage, POP3 removes messages after download, preventing the mailbox from filling up.

POP3 limitations

POP3 has no concept of folders, flags, or server-side state beyond "downloaded or not." You cannot create a Sent folder that syncs across devices, mark messages as read on one device and see that state on another, or organise mail into folders that persist on the server. Every POP3 device independently downloads the full set of new messages — if you have both a phone and a laptop configured with POP3, each will download a separate copy of every message, creating duplicates in each local archive. The "leave messages on server" setting partially addresses this but does not solve synchronisation.

POP3 and spam filtering

Most mail providers run spam filtering before POP3 retrieval — spam is quarantined on the server before it reaches your POP3 inbox. However, because POP3 downloads and removes messages, you lose the ability to review your spam folder on the server through the mail client. Many providers keep a server-side spam folder that is accessible only via webmail; POP3 clients only see the main inbox. If you miss expected emails, check the provider's webmail spam folder directly, as POP3 gives no visibility into it.

When to choose POP3 over IMAP today

Choose POP3 when: you use exactly one device for email, you want messages removed from the provider's servers for privacy, you are building an automated email ingestion system, or you specifically need a local offline archive that is independent of any provider. Choose IMAP (or Exchange/ActiveSync) for every other scenario — particularly if you access email on more than one device, use a phone and a desktop client, or need folder organisation and read-state synchronisation.

Frequently Asked Questions

Should I use POP3 or IMAP?

IMAP in almost all cases. IMAP keeps email on the server and syncs read/unread status and folders across all devices. POP3 downloads to one device and deletes from the server. POP3 is only practical if you specifically want a single-device local archive with no multi-device requirements.

What port does POP3 use?

Port 110 for unencrypted plaintext — avoid this entirely. Port 995 for POP3S (POP3 over TLS), which is the only correct choice for all real-world use. All modern email clients default to 995. Many providers have disabled port 110 permanently.

Can POP3 leave messages on the server?

Yes — most clients have a "leave on server for N days" option. But this does not sync read status, deletions, or folder organisation across devices. Each device downloads its own independent copy. It is a workaround, not true synchronisation. Use IMAP if multi-device access matters.