POP before SMTP
POP before SMTP or SMTP after POP is a method of authorization used by mail server software which helps allow users the option to send e-mail from any location, as long as they can demonstrably also fetch their mail from the same place.
The POP before SMTP approach has been superseded by SMTP authentication due to SMTP authentication being more widely used in recent years, for this and other purposes too.
Technically, users are allowed to use SMTP from an IP address as long as they have previously made a successful login into the POP service at the same mail hosting provider, from the same address, within a predefined timeout period.
The main advantage of this process is that it is generally transparent to the average user who will be connecting with an email client, which will almost always make a connection to fetch new mail before sending new mail. The disadvantages include a potentially complex setup for the mail hosting provider (requiring some sort of communication channel between the POP service and the SMTP service) and uncertainty as to how much time users will take to connect via SMTP (to send mail) after connecting to POP.
Those users not handled by this method need to resort to other authorization methods. Also, in cases where users come from externally controlled dynamically assigned addresses, the SMTP server must be careful about not giving too much leeway when allowing unauthorized connections, because of a possibility of race conditions leaving an open mail relay unintentionally exposed.
See also
- SMTP AUTH, specified in RFC 4954
- Mail submission protocol, specified in RFC 6409
External links
- POP before SMTP on SourceForge.net, an open source implementation for sendmail on Linux
- How to restrict relaying through your mail server to only users that have authenticated using POP
- DRAC, Dynamic Relay Authorization Control, daemon that dynamically updates a relay authorization map for sendmail
- whoson on SourceForge.net: "WHO iS ONline" is a proposed protocol that allows a server know if a particular, perhaps dynamically allocated IP, is currently allocated to known user and, optionally, the identity of said user.