TCP Dangerous Mail

Port 110 (POP3)


Quick Info

Port Number: 110
Protocol: TCP
Service: POP3
IANA Name: POP3

Service Description

TCP port 110 is the standard port for the Post Office Protocol version 3 (POP3). POP3 is an application-layer internet standard protocol used by email clients to retrieve email from a mail server. It operates by allowing a client to connect to a server, authenticate, and then download messages. After downloading, the client typically deletes the messages from the server (though this behavior is configurable). POP3 is a relatively simple protocol designed for offline email access, where users download messages and then disconnect from the server to read and manage them. It's a store-and-forward service, distinct from protocols like IMAP which are designed for online, synchronized access.

The protocol works via a series of commands sent from the client to the server. Common commands include USER (specifying the username), PASS (providing the password), LIST (listing the messages on the server), RETR (retrieving a specific message), DELE (marking a message for deletion), RSET (unmarking messages marked for deletion), NOOP (no operation), and QUIT (terminating the session). The server responds to each command with a status code, typically either +OK for success or -ERR for failure. Because POP3 was originally designed without encryption, it's vulnerable to eavesdropping, making the plaintext transmission of usernames and passwords a significant security risk. Secure versions of POP3, such as POP3S (using SSL/TLS on port 995), were introduced to mitigate these risks.

Firewall Recommendations

Blocking port 110 is strongly recommended if you're not actively using POP3 and can migrate to a more secure protocol like IMAP (port 143 or 993). If you must use POP3, prioritize using POP3S (port 995) with SSL/TLS encryption. Configure your email client to use the secure version and ensure the server supports and enforces it. If you need to allow access to port 110, restrict access to only trusted networks or IP addresses. Implement strong authentication policies, such as requiring strong passwords and enabling multi-factor authentication where possible. Regularly monitor network traffic for suspicious activity and keep your email server software up to date with the latest security patches to mitigate potential vulnerabilities. Consider implementing intrusion detection and prevention systems (IDS/IPS) to detect and block malicious traffic targeting port 110.

Security Information

Port 110 is a significant security risk due to its historical reliance on unencrypted communication. Attackers can passively eavesdrop on network traffic to capture usernames and passwords transmitted in plaintext. This allows them to gain unauthorized access to email accounts. Even if the email content itself isn't the primary target, compromised accounts can be used for phishing attacks, spam campaigns, or as a stepping stone to gain access to other systems on the network. The lack of inherent security in the original POP3 protocol makes it vulnerable to man-in-the-middle attacks, where an attacker intercepts and modifies communication between the client and the server. While POP3S (using SSL/TLS on port 995) provides a more secure alternative, many legacy systems or misconfigured clients may still use the insecure port 110, exposing them to these risks. Furthermore, buffer overflow vulnerabilities in POP3 server implementations have been exploited in the past, allowing attackers to execute arbitrary code on the server.
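The command and status-code flow from the Service Description, and the cleartext and oversized-input risks described here, can be checked mechanically in a decoded session log. The Python below is an added example, not code from this page or from any mail product. The `C:`/`S:` transcript format, the name `audit_pop3_transcript`, the finding labels and the sample session are assumptions for illustration; the 40-character argument limit is taken from RFC 1939.

```python
import re

# Client commands named in the text above; extend this set for your own server.
KNOWN = {"USER", "PASS", "LIST", "RETR", "DELE", "RSET", "NOOP", "QUIT"}
MAX_ARG = 40  # RFC 1939 limits each command argument to 40 characters

def audit_pop3_transcript(text, encrypted=False):
    """Return (line_no, finding) tuples for a transcript of 'C: ' / 'S: ' lines.

    encrypted=False means the session was seen on plain port 110.
    Argument values are never copied into the findings.
    """
    findings, last_cmd = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*([CS]):\s?(.*)$", raw)
        if not m:
            continue  # not a transcript line
        side, body = m.groups()
        if side == "S":
            # A -ERR reply directly after PASS is a failed login.
            if last_cmd == "PASS" and body.startswith("-ERR"):
                findings.append((no, "auth-failed"))
            last_cmd = None
            continue
        verb, _, arg = body.partition(" ")
        verb = last_cmd = verb.upper()
        if verb not in KNOWN:
            findings.append((no, "unlisted-command"))
        # PASS takes one argument that may contain spaces; others split on spaces.
        args = [arg] if verb == "PASS" else arg.split()
        if any(len(a) > MAX_ARG for a in args):
            findings.append((no, "oversized-argument"))
        if verb in ("USER", "PASS") and not encrypted:
            findings.append((no, "cleartext-credential"))
    return findings

# Constructed sample session (not captured traffic); names and passwords are made up.
SAMPLE = "\n".join([
    "S: +OK POP3 server ready",
    "C: USER alice", "S: +OK",
    "C: PASS wrong-guess", "S: -ERR invalid password",
    "C: USER alice", "S: +OK",
    "C: PASS correct-horse", "S: +OK maildrop has 2 messages",
    "C: LIST 1", "S: +OK 1 120",
    "C: USER " + "x" * 600, "S: -ERR",
    "C: QUIT", "S: +OK bye",
])

if __name__ == "__main__":
    for line_no, finding in audit_pop3_transcript(SAMPLE):
        print(f"line {line_no}: {finding}")
```

Passing `encrypted=True` for sessions decoded from port 995 suppresses the cleartext findings while keeping the failed-login and oversized-argument checks.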

Known Vulnerabilities

| CVE | Name | Severity | Description |
| --- | --- | --- | --- |
| CVE-2003-0269 | Buffer overflow in UW-IMAP | Critical | A buffer overflow vulnerability in the University of Washington (UW) IMAP server, commonly used as a POP3 server, allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2000-0657 | Mail Abuse Prevention System (MAPS) RBLCD Vulnerability | High | rblcd, when configured to use POP3, allows remote attackers to cause a denial of service (crash) via a long string to the POP3 port. |
| CVE-1999-0537 | POP3 password sniffing | Medium | POP3 transmits passwords in cleartext, allowing attackers to sniff passwords. |

Common Software

  • Microsoft Outlook
  • Mozilla Thunderbird
  • Apple Mail
  • Evolution
  • KMail
  • Opera Mail
  • Pine
  • Eudora
