Your business’ toughest competition might be criminal. See why.
Utility navigation bar redirect icon
Portal LoginSupportContact
Search
Close search
Huntress Logo in Teal
  • Platform Overview
    Managed EDR

    Get full endpoint visibility, detection, and response

    Managed EDR

    Get full endpoint visibility, detection, and response

    Managed ITDR

    Protect your Microsoft 365 identities and email environments.

    Managed ITDR

    Protect your Microsoft 365 identities and email environments.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed SIEM

    Managed threat response and robust compliance support at a predictable price.

    Managed Security Awareness Training

    Empower your teams with science-backed security awareness training.

    Managed Security Awareness Training

    Empower your teams with science-backed security awareness training.

    Integrations
    Integrations
    Support Documentation
    Support Documentation
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
    See Huntress in Action

    Quickly deploy and manage real-time protection for endpoints, email, and employees - all from a single dashboard.

    Huntress Cybersecurity
  • Threats We Stop
    Phishing
    Phishing
    Business Email Compromise
    Business Email Compromise
    Ransomware
    Ransomware
    View Allright arrowView Allright arrow
    Industries We Serve
    Education
    Education
    Financial Services
    Financial Services
    State and Local Government
    State and Local Government
    Healthcare
    Healthcare
    Law Firms
    Law Firms
    Manufacturing
    Manufacturing
    Utilities
    Utilities
    View Allright arrowView Allright arrow
    Tailored Solutions
    MSPs
    MSPs
    Resellers
    Resellers
    SMBs
    SMBs
    Compliance
    Compliance
    Cybercriminals Have Evolved

    Get the intel on today’s cybercriminal groups and learn how to protect yourself.

    Huntress Cybersecurity
    Cybercriminals Have Evolved

    Get the intel on today’s cybercriminal groups and learn how to protect yourself.

    Huntress Cybersecurity
  • Pricing
  • Community Series
    The Product Lab

    Shape the next big thing in cybersecurity together.

    The Product Lab

    Shape the next big thing in cybersecurity together.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Fireside Chat

    Real people. Real perspectives. Better conversations.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    Tradecraft Tuesday

    No products, no pitches – just tradecraft.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    _declassified

    Exposing hidden truths in the world of cybersecurity.

    Resources
    Upcoming Events
    Upcoming Events
    ebooks
    ebooks
    On-Demand Webinars
    On-Demand Webinars
    Videos
    Videos
    Whitepapers
    Whitepapers
    Datasheets
    Datasheets
    Cybersecurity Education
    Cybersecurity 101
    Cybersecurity 101
    Cybersecurity Guides
    Cybersecurity Guides
    Threat Library
    Threat Library
    Real Tradecraft, Real Results
    Real Tradecraft, Real Results
    2026 Cyber Threat Report
    2026 Cyber Threat Report
    The Huntress Blog
    Huntress Lands on the Microsoft Marketplace
    Huntress Cybersecurity
    Huntress Lands on the Microsoft Marketplace
    Huntress Cybersecurity
    How Huntress & DEFCERT Are Streamlining CMMC Assessment Prep
    Huntress Cybersecurity
    How Huntress & DEFCERT Are Streamlining CMMC Assessment Prep
    Huntress Cybersecurity
    Live Hacking Into Microsoft 365 with Kyle Hanslovan
    Huntress Cybersecurity
    Live Hacking Into Microsoft 365 with Kyle Hanslovan
    Huntress Cybersecurity
  • Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    Why Huntress

    Go beyond AI in the fight against today’s hackers with Huntress Managed EDR purpose-built for your needs

    Huntress Cybersecurity
    The Huntress SOC

    24/7 Security Operations Center

    The Huntress SOC

    24/7 Security Operations Center

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Reviews

    Why businesses of all sizes trust Huntress to defend their assets

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Case Studies

    Learn directly from our partners how Huntress has helped them

    Community

    Get in touch with the Huntress Community team

    Community

    Get in touch with the Huntress Community team

    Compare Huntress
    Bitdefender
    Bitdefender
    Blackpoint
    Blackpoint
    Breach Secure Now!
    Breach Secure Now!
    Crowdstrike
    Crowdstrike
    Datto
    Datto
    SentinelOne
    SentinelOne
    Sophos
    Sophos
    Compare Allright arrowCompare Allright arrow
  • HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    HUNTRESS HUB

    Login to access top-notch marketing resources, tools, and training.

    Huntress Cybersecurity
    Partners
    MSPs

    Join our partner community to deliver expert-led managed security.

    MSPs

    Join our partner community to deliver expert-led managed security.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Resellers

    Partner program designed to grow your cybersecurity business.

    Tech Alliances

    Driving innovation through global technology Partnerships

    Tech Alliances

    Driving innovation through global technology Partnerships

    Microsoft Partnership

    A Level-Up for Your Business Security

    Microsoft Partnership

    A Level-Up for Your Business Security

  • Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Press Release
    Huntress Announces Collaboration with Microsoft to Strengthen Cybersecurity for Businesses of All Sizes
    Huntress Cybersecurity
    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Our Story

    We're on a mission to shatter the barriers to enterprise-level security.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Newsroom

    Explore press releases, news articles, media interviews and more.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Meet the Team

    Founded by former NSA Cyber Operators. Backed by security researchers.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Careers

    Ready to shake up the cybersecurity world? Join the hunt.

    Awards
    Awards
    Contact Us
    Contact Us
  • Portal Login
  • Support
  • Contact
  • Search
  • Get a Demo
  • Start for Free
Portal LoginSupportContact
Search
Close search
Get a Demo
Start for Free
HomeCybersecurity 101
POP3

What is Post Office Protocol and Why Does it Matter in Cybersecurity

Published: 9/26/25

Written by: Lizzie Danielson

Glitch effectGlitch effect

Post Office Protocol (POP) is a standard way for your email client (like Outlook or Thunderbird) to retrieve emails from a remote server to your computer. Most people are talking about POP3, the current version, which is still widely used today.

Whether you’re just starting out in cybersecurity or you’re knee-deep in protecting networks, you’ll see POP3 pop up all the time. Want to know why it matters in security, and how it works? Read on for the breakdown, the gotchas, and the pro tips.

What is Post Office Protocol?

Post Office Protocol (POP) was created so email clients could retrieve messages from a mail server and store them on a local device for offline access. Since the mid-1980s, POP has helped users download mail and usually delete it from the server, freeing up server space and letting them read emails offline without needing a constant internet connection.

Most email clients, including the ones you know (Outlook, Thunderbird, Apple Mail, and more), support POP3 natively. The protocol’s main job is to allow you to collect your emails and keep them stored locally. This behavior is why you’ll often see coworkers say, “I lost that old email when I switched computers.” With POP3, once the mail is downloaded (unless otherwise configured), it’s removed from the server.

Why do cybersecurity pros care? Because POP’s simplicity and popularity have big implications for security, device management, forensics, and compliance.

Learn more about standard email protocols from the Federal Communications Commission.

How does POP3 work

Here’s how the protocol works, step by step:

  • Connect: Your email client opens a TCP connection to the POP3 server (usually on port 110, or 995 for the encrypted version).

  • Authenticate: The client sends your username and password to the server.

  • Retrieve: POP3 downloads all new emails from the server to your device.

  • Delete (by default): After downloading, messages are typically deleted from the server, though some clients can be set to keep a copy for a while, good for users with multiple devices.

  • Disconnect: You’re done! All new mail is on your device, ready for offline reading.

The main takeaway? POP3 is a “store-and-forward” protocol. It stores mail on the server, delivers it to your device, and then deletes it on the server (unless you tweak your settings).

Fun historical tidbit: The protocol started life in RFC 918 (1984), got revamped in RFC 937 (1985), and reached its dominant version, POP3, in RFC 1939 (1996).

Curious about the official specs? CheckRFC 1939 via the Internet Engineering Task Force.


Why POP3 matters for cybersecurity

While POP3 is simple and effective, it’s a magnet for certain cyber risks:

  • Credential Theft: Old-school POP3 logins (on port 110) often transmit username and password in plain text unless security is tightened. Attackers sniffing the network could capture these credentials with basic tools.

  • Local Malware Risk: Because emails (and attachments) are downloaded, infected files land straight on endpoints. If the host security is lacking, malware has a field day.

  • Incident Response Gaps: Since downloaded messages disappear from the server, it’s harder for incident responders to recover evidence or do forensic analysis after a breach. No server backups of old mail? That’s a problem.

  • Compliance Issues: Regulations like HIPAA, GLBA, and GDPR can be tricky with POP3. Deleting mail from the server automatically may conflict with retention policies required by law.

Real-world applications and popular email clients

POP3 sticks around because it’s easy and doesn’t hog server space. If you:

  • Prefer to keep all mail on one device

  • Don’t need access to the same mail across phones, tablets, and laptops

…then POP3 gets the job done! Lots of backup software, like SyncBackPro, can back up mail by connecting with POP, too.

Top POP3-Enabled Clients and Services

  • Microsoft Outlook and Outlook Express

  • Mozilla Thunderbird

  • Apple Mail

  • Most ISPs’ webmail (if enabled)

  • Enterprise backup and archiving tools

Heads-up: Modern workflows usually push teams toward IMAP (keeps mail in sync on all devices) or cloud email (think Gmail, O365, etc.), but POP3 remains alive in legacy setups and smaller businesses.

POP3 ports and security considerations

Here’s what you need to know about POP3’s ports and security quirks:

  • Port 110: Default, unencrypted. Avoid anything outside totally trusted internal networks. Plain text passwords are bad news.

  • Port 995: POP3S (secured with SSL/TLS). Use this to encrypt traffic between the client and the server.

Security Checklist for POP3 Deployments

  • Default to POP3S (port 995). Never use unencrypted POP3 unless absolutely necessary.

  • Deploy endpoint protection (keep malware out!).

  • Update and filter attachments.

  • Train users not to open risky files.

  • Set policies to keep (not auto-delete) mail on the server if forensics or backups are needed.

More on secure email practices can be found atCISA’s Cybersecurity Tips.

POP3 vs. IMAP vs. SMTP

POP3: Downloads and (usually) deletes email from server after retrieval. Great for single-device use. Doesn’t sync read, deleted, or folder states.

IMAP: Keeps email stored on the server. All changes sync across multiple devices. Good for people with lots of devices or team setups.

SMTP: The sidekick. Handles sending email only (not receiving).

Quick comparison table:

Protocol

What it Does

Typical Ports

POP3

Fetches email for local storage

110, 995

IMAP

Fetches + syncs email across devices

143, 993

SMTP

Sends outgoing email

25, 465, 587

Security risks and best practices

Key Risks

  • Email Attachment Threats: Viruses and malware come in through local downloads. Endpoint protections must be robust.

  • Weak Authentication: If left unencrypted, credentials are easy to capture.

  • Lack of Email Retention: Investigations and compliance needs are undermined by auto-delete settings.

Best Practices

  • Always use POP3S encryption.

  • Educate users about attachments and phishing.

  • Set email clients to keep copies on the server for designated periods.

  • Implement regular endpoint backups and antimalware.

  • Track and audit mail flows for abnormal activity.

Frequently asked questions

POP stands for Post Office Protocol, and the "3" means the third (and current) version, known as POP3.

Only if you use encrypted POP3S (port 995); plain POP3 (port 110) is not secure and should be avoided on open networks.

That’s the default behavior. POP3 is designed to download and then delete mail from the server. You can change this in settings if you want to keep a copy.

Not easily. POP3 is best for one-device setups. Use IMAP if you need multi-device sync.

Simplicity, legacy system support, and offline access needs keep POP3 relevant, especially in certain enterprise or regulated environments.

Glitch effectBlurry glitch effect

Key takeaways

Post Office Protocol 3 (POP3) is a simple, widely used email retrieval protocol that downloads mail from a server to a local device. For cybersecurity teams, POP3 is double-edged: convenient for users, risky for unencrypted traffic and decentralized storage. Always encourage: POP3S encryption, local protections, and setting clients to keep server copies if you need compliance-ready records.

Know your org’s workflow: If you’re stuck with POP3, document and secure every step. Push toward IMAP or cloud email for more flexibility and security, where possible.

Glitch effect

Related Resources


  • What Is Simple Mail Transfer Protocol and Why Cybersecurity Depends on It
    What Is Simple Mail Transfer Protocol and Why Cybersecurity Depends on It
    Wondering what SMTP is? Learn how simple mail transfer protocol works and see why it’s vital for email security.
  • What is a SYN, and why does it matter in cybersecurity
    What is a SYN, and why does it matter in cybersecurity
    Learn what a SYN is, how SYN packets work, and why SYN flood attacks matter for cybersecurity. Learn to boost network visibility and defense.
  • What is Remote Desktop Protocol?
    What is Remote Desktop Protocol?
    What is Remote Desktop Protocol? | Huntress Cybersecurity 101
  • RFC 101: What Is a Request for Comments?
    RFC 101: What Is a Request for Comments?
    Learn how RFCs shape networking, security standards, and best practices in cybersecurity, with clear definitions and beginner-friendly FAQs
  • What is an IP (Internet Protocol) address?
    What is an IP (Internet Protocol) address?
    Learn what an IP (Internet Protocol) address is, why it matters in cybersecurity, and how attackers use it to target systems.
  • What is SNMP in Networking?
    What is SNMP in Networking?
    Learn what SNMP is, how it works, and why it's essential for network security. Complete guide covering SNMP versions, operations, and best practices.
  • What is SOAP Protocol?
    What is SOAP Protocol?
    Learn about SOAP protocol, a messaging standard critical to secure web service communication. Understand its role in cybersecurity and how it works.
  • What Is Cold Data Storage? Understanding the Cool Side of Data Management
    What Is Cold Data Storage? Understanding the Cool Side of Data Management
    Learn what cold data storage is, how it works, and why enterprises use it. Learn the best practices for managing and protecting your cold data.
  • What is Security Orchestration Explained, Benefits, and Use Cases
    What is Security Orchestration Explained, Benefits, and Use Cases
    Learn what security orchestration means, how it works in SOCs, key benefits, and how it differs from automation. Understand the 3 core orchestration functions.

Protect What Matters

Secure endpoints, email, and employees with the power of our 24/7 SOC. Try Huntress for free and deploy in minutes to start fighting threats.
Try Huntress for Free
Huntress Managed Security PlatformManaged EDRManaged EDR for macOSManaged EDR for LinuxManaged ITDRManaged SIEMManaged Security Awareness TrainingBook a Demo
PhishingComplianceBusiness Email CompromiseEducationFinanceHealthcareManufacturingState & Local Government
Managed Service ProvidersResellersIT & Security Teams24/7 SOCCase Studies
BlogResource CenterCybersecurity 101Upcoming EventsSupport Documentation
Our CompanyLeadershipNews & PressCareersContact Us
Huntress white logo

Protecting 215k+ customers like you with enterprise-grade protection.

Privacy PolicyCookie PolicyTerms of UseCookie Consent
Linkedin iconTwitter X iconYouTube iconInstagram icon
© 2025 Huntress All Rights Reserved.

Join the Hunt

Get insider access to Huntress tradecraft, killer events, and the freshest blog updates.

By submitting this form, you accept our Terms of Service & Privacy Policy