POP before SMTP
POP before SMTP or SMTP after POP is a method of authentication used by mail server software which helps allow users the option to send e-mail from any location, as long as they can demonstrably also fetch their mail from the same place.
The POP before SMTP approach has been superseded by SMTP Authentication.
Technically, users are allowed to use SMTP from an IP address as long as they have previously made a successful login into the POP service at the same mail hosting provider, from the same address, within a predefined timeout period.
The main advantage of this process is that it was generally transparent to the average user who will be connecting with an email client, which almost always attempted to fetch new mail before sending new mail. The disadvantages include a potentially complex setup for the mail hosting provider (requiring some sort of communication channel between the POP service and the SMTP service) and uncertainty as to how much time users will take to connect via SMTP (to send mail) after connecting to POP.
Those users not handled by this method need to resort to other authorization methods. Also, in cases where users come from externally controlled dynamically assigned addresses, the SMTP server must be careful about not giving too much leeway when allowing unauthorized connections, because of a possibility of race conditions leaving an open mail relay unintentionally exposed.
See also
- Simple Mail Transfer Protocol
- SMTP AUTH, specified in RFC 4954
- Mail submission protocol, specified in RFC 6409
 |  |
