POP3 Extension Mechanism (last updated 2007-10-04) The POP3 Extension Mechanism [RFC 2449] updates RFC 1939 to define a mechanism to announce support for optional commands, extensions, and unconditional server behavior. Included is an initial set of currently deployed capabilities which vary between server implementations, and several new capabilities (SASL, RESP-CODES, LOGIN-DELAY, PIPELINING, EXPIRE and IMPLEMENTATION). The RFC also extends POP3 error messages so that machine parsable codes can be provided to the client. POP3 capabilities New POP3 capabilities MUST be defined in a standards track or IESG approved experimental RFC, and MUST NOT begin with the letter "X". New POP3 capabilities MUST include the following information: CAPA tag Arguments Added commands Standard commands affected Announced states / possible differences Commands valid in states Specification reference Discussion Initial Set of Capabilities TOP [RFC2449] USER [RFC2449] SASL [RFC2449, RFC-siemborski-rfc1734bis-11.txt] RESP-CODES [RFC2449] LOGIN-DELAY [RFC2449] PIPELINING [RFC2449] EXPIRE [RFC2449] UIDL [RFC2449] IMPLEMENTATION [RFC2449] AUTH-RESP-CODE [RFC3206] In addition, new limits for POP3 command and response lengths may need to be included. POP3 Response Codes New POP3 response codes MUST be defined in an RFC or other permanent and readily available reference, in sufficient detail so that interoperability between independent implementations is possible. (This is the "Specification Required" policy described in [IANA]). New POP3 response code specifications MUST include the following information: the complete response code, for which responses (+OK or -ERR) and commands it is valid, and a definition of its meaning and expected client behavior. CAPA tag CAPA Args Added cmds Affected List Diffs Cmd Valid References -------- --------- ---------- -------- ---- ----- --------- ---------- TOP none TOP none both no TRANSACTION [RFC2449, RFC1939] USER none USER,PASS none both no AUTHENTICAT [RFC2449, RFC1939] SASL mech list AUTH none both no AUTHENTICAT [RFC2449, RFC-siemborski-rfc1734bis-11.txt] RESP-CODES none none none both no n/a [RFC2449] LOGIN-DELAY secs&USER none USER,PASS both yes n/a [RFC2449] APOP,AUTH PIPELINING none none all both no n/a [RFC2449] EXPIRE days/ none none both yes n/a [RFC2449] NEVER&USER UIDL none UIDL none both no TRANSACTION [RFC2449, RFC1939] IMPLEMENTATION text none none TRANS/both no n/a [RFC2449, RFC1939] STLS none STLS USER, both no AUTHENTICAT [RFC2595] PASS,CAPA Response Code Response Types Commands Reference ------------- -------------- -------- --------- LOGIN-DELAY -ERR USER*,PASS,APOP,AUTH [RFC2449] IN-USE -ERR PASS,APOP,AUTH [RFC2449] SYS/PERM -ERR All commands [RFC3206] SYS/TEMP -ERR All commands [RFC3206] AUTH -ERR Any authentication [RFC3206] command including AUTH, USER (see note), PASS, or APOP. * - see spec for details Note: Returning the AUTH response code to the USER command reveals to the client that the specified user exists. It is strongly RECOMMENDED that the server not issue this response code to the USER command. REFERENCES ---------- [RFC1734] Myers, J., "POP3 AUTHentication command", RFC 1734, December 1994. [RFC1939] Myers, J. and M. Rose, "Post Office Protocol -- Version 3", STD 53, RFC 1939, May 1996. [RFC2449] Gellens, R., Newman, C. and L. Lundblade, "POP3 Extension Mechanism", RFC 2449, November 1998. [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, Innosoft, June 1999. [RFC3206] R. Gellens, "The SYS and AUTH POP Response Codes", RFC3206, February 2002. [RFC-siemborski-rfc1734bis-11.txt] R. Siemborski, A. Menon-Sen, "POP3 SASL Authentication Mechanism", RFC XXXX, Month Year. []