A URL Scheme for POP Mailboxes

"An ill-favoured thing, sir, but mine own."

William Shakespeare
As You Like It

A Locator for Every Resource

A Universal Resource Locator, or URL (``U-R-ILL'') for short, is used to access various resources on the Internet. The most familiar and most prominent (although they probably should not be) are those used to access Web and FTP sites (the URL of this page, for example, is "http://email.about.com/library/weekly/aa090798.htm"). But URLs also exits for gopher sites, for finger, IMAP, and other resources.

POP mailboxes are undeniably resources on the Internet as are IMAP maildrops. Until recently, however, no URL specification existed for them, in spite of the sheer age of the POP protocol (probably because of it). RFC 2384 attempts to cure this shortcoming.

What it Looks Like

The basic form of a URL for a POP mailbox looks as follows:

pop://user-name;auth=authentication-method@host-name:port-number

Let's break it apart.

Scheme

The first part of a URL specifies the scheme to use, in this case "pop" refers to the post office protocol ("http", BTW, stands for "hypertext transfer protocol").

Host Name

This specifies the host on which the mailbox to check resides. If my email address is "neva@ease.com" the host name could, for example, be "pop.ease.com". Of course it can be a completely different name as well. In any case, it is the name you specify as your POP server in the preferences of your email client.

Port Number

POP servers usually listen on port number 110 for requests and thus it is the default for this parameter if it is not explicitly specified.

User Name and Password

So far, the POP URL scheme looks like any "ordinary" HTTP URL. Unlike most Web sites, a mailbox requires authentication (the idea that anybody, just given a URL, can access my mailbox doesn't really please me).

In FTP URLs, the user name and password are specified like this: <ftp://neva:my_secret@ftp.ease.com/>, in clear text. For POP, this was deemed too insecure, and it also lacks flexibility.

Similar to IMAP URLs, which also do not permit clear text passwords, an authentication method can be specified with the optional ";auth=" parameter, immediately following the user name. The user name follows the scheme ("pop://"), as in an FTP URL.

Since the authentication mechanism is used when connecting to the server anything that the server understands can be used. An authentication method not preceded by a "+" is a SASL (Simple Authentication and Security Layer) method. Any mechanism preceded by a plus sign is either an extension method or APOP (which is not unknown to us).

If no method is stated in the URL or if it takes the special form of ";auth=*", the client program should select an appropriate method itself, which often will be the simple "user/pass" combination.

While the user name can be missing in the URL, it cannot be missing in the mailbox check that is to be carried out according to the URL, the program performing this task must ask for one. The server name is always required.

For Example

The URL <pop://neva@pop.ease.com> would map to the following behavior by the client and server:
*ask user for password*
*connect to pop.ease.com at port 110*
+OK pop.ease.com ready <2358.4015170592>
USER neva
+OK
PASS password
+OK
Now additional commands performing actual tasks can be issued.

A URL of <pop://neva;auth=+APOP@pop.ease.com:4711> leads to:
*ask user for password*
*connect to pop.ease.com at port 4711
+OK pop.ease.com ready <2358.4015170592>
APOP neva *digest*
+OK