@Requests and POP3

The MainBoss Basic version of @Requests makes use of POP3 to obtain incoming work requests. This article explains what POP3 is and what it means to your site.

What is POP3

POP3 is a way of retrieving email from an email account. It should not be confused with SMTP which is for sending mail, not receiving it. POP3 is supported by Microsoft Exchange, Lotus Notes, and most other popular mail servers.

@Requests uses POP3 to check a mail server for incoming mail. POP3 is designed for brief "grab-and-go" sessions. Basically, it logs in, grabs all the mail messages it wants, then logs out again. In this way, it doesn't keep the server busy any longer than it has to. It also deletes messages from the server once it's finished with them.

The most common alternative to POP3 is called IMAP4. It also obtains incoming email, but it's designed for extended sessions. Instead of grabbing mail and going away, it stays connected for long periods of time. IMAP4 doesn't delete messages from the server, which means the same incoming message might end up generating multiple requests.

Future releases of @Requests may give users the choice of either POP3 or IMAP4, but the current version only uses POP3.

POP3 and Security

When POP3 logs on to an email server, it uses a password. This password is sent unencrypted. Conceivably, if a malicious user could "listen in" to your Internet traffic, the user could intercept the password. Malicious users also try to guess email addresses and passwords on the off chance of getting lucky. For example, they might try chris@yourcompany.com and keep trying every word in the dictionary in the hope that Chris wasn't very smart in picking a password.

Because of the slight chance of a problem, POP3 has been "banned" by some IT departments. However, there are several straightforward ways to work around the possibility of a security hole:

If Your IT Department Says No

If your IT department refuses to let you use POP3 despite what we've just said, there are two solutions:

We should also note that the default setting for some e-mail packages (e.g. Outlook) is to use POP3 with TLS. In this case, normal POP3 won't work with the mail server so you'll have to use one of the solutions above.