Email Protocols - The guts of POP3

POP3 is a fairly simple protocol, working on standard ASCII with CR/LF newlines (If you aren't sure what any of that means, you might want to refer to a simpler blog post about POP, such as this one ). This makes it quite viable to perform POP3 testing over a telnet-style connection.

envelope with "at" symbol denoting email

I tested all of these commands with a standard Linux telnet command (Specifically from an Ubuntu Server install), for modern versions of Windows that lack a builtin telnet client, I entirely recommend PuTTY. To start with, open a connection to port 110 on your POP server of choice (ours is, as always, You'll get a response that looks like:

+OK Dovecot ready.

Things we can immediately analyze: The +OK is the 'positive' response from the server, indicating that (just like it sounds) things worked OK (The negative response is -ERR, and RFC compliance insists that they are sent exactly like that, uppercase and no space). So now we need to login, which is performed with the USER and PASS commands, as shown below.

PASS notmyrealpassword
+OK Logged in.

As you can see, the +OK positive response is sent after every command we send to the server (if the command succeeds, that is). Note that technically speaking, the USER command's argument ( in the example) is a 'mailbox name'. In virtually all email implementations today, this will be your email address (all lowercase, as email addresses always should be). Ok, so now we're logged in, this is usually about as far as you'll need to get for testing purposes, but for fun, how do we actually check email?

+OK 1 messages:
1 2203

For starters, we have the LIST command, which gives us, well, a list of messages. The list consists of each message's position in the list, such as '1' in this case, followed by the size of the message in bytes. To 'retrieve' a message, we can use the RETR command followed by the number of the message, such as 'RETR 1'. (Sample text for this email provided by Riker Ipsum )

+OK 2203 octets
Return-Path: <>
Received: (qmail 18914 invoked from network); 16 Aug 2013 20:22:05 -0000
Received: from localhost (HELO []) (
        by with SMTP
        (8498bc7a-06b1-11e3-a985-782bcb6d568b); Fri, 16 Aug 2013 14:22:05 -0600
Message-ID: <>
Date: Fri, 16 Aug 2013 14:22:05 -0600
From: "Bob F.P. Comm" <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
Subject: Test Email
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-MagicMail-UUID: 8498bc7a-06b1-11e3-a985-782bcb6d568b

Ensign Babyface! We could cause a diplomatic crisis. Take the ship into
the Neutral Zone Mr. Worf, you sound like a man who's asking his friend
if he can start dating his sister. You're going to be an interesting
companion, Mr. Data. Captain, why are we out here chasing comets? Your
shields were failing, sir. Commander William Riker of the Starship
Enterprise. We know you're dealing in stolen ore.

But I wanna talk about the assassination attempt on Lieutenant Worf. You
did exactly what you had to do. You considered all your options, you
tried every alternative and then you made the hard choice. Could someone
survive inside a transporter buffer for 75 years? How long can two
people talk about nothing? I can't. As much as I care about you, my
first duty is to the ship. You bet I'm agitated!

I may be surrounded by insanity, but I am not insane. The Enterprise
computer system is controlled by three primary main processor cores,
cross-linked with a redundant melacortz ramistat, fourteen kiloquad
interface modules. Computer, belay that order. About four years. I got
tired of hearing how young I looked.

The unexpected is our normal routine. Did you come here for something in
particular or just general Riker-bashing? This is not about revenge.
This is about justice. They were just sucked into space. Yesterday I did
not know how to eat gagh. Damage report!

To mark a message for deletion, you can use DELE # (note that you cannot use this on a message already marked for deletion!), this is connection-specific, opening another connection or reconnecting later will not preserve this information. As far as the actual handling of 'marked' messages, 'RSET' will remove the deletion mark from all marked messages, and 'QUIT' will both delete all marked messages and close the connection. Simply closing the connection will not delete emails from the server.

There is one other main command, 'TOP', and while support for this command is optional for servers, most support it. TOP will display the headers of an email, followed by the specified number of lines from the body, but otherwise it works mostly like RETR. So for instance 'TOP 2 0' will show only the headers of your second email, 'TOP 1 10' will show the headers and the first 10 lines of your first email.

That's about all for POP, I may tackle the subject of IMAP at a later date.