
8. Scaling and Operational Considerations

Since some POP3 servers answer a large number of connections, some implementations support a feature to check a user's password only when a mailbox is opened. This feature is known as "delayed authentication". The rationale for this is that a POP3 server can answer a large number of connections quickly without having to do the work of opening a mailbox. This can be especially useful for a server that answers a large number of connections from clients that are simply checking for new mail.

However, there is a significant problem with the use of delayed authentication: a client cannot know if an authentication failure is due to a bad password, or if it is due to some transient problem at the server site (e.g., a file system is temporarily unavailable). This is not a problem if the server does the authentication when the client first connects. If the authentication succeeds, the client knows that the maildrop is available. If the authentication fails, the client knows immediately that the password is incorrect and can notify the user.

For this reason, this memo strongly discourages the use of delayed authentication. If a POP3 server must implement delayed authentication, it should provide a mechanism for a POP3 client to explicitly request that the authentication be done immediately.
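
The ambiguity described above, shown as an added example that is not part of the original memo: a toy Python model of one POP3 session run in both modes. The account, the reply texts, and the choice to report every deferred failure with one generic `-ERR` are assumptions of this model.

```python
import hmac

ACCOUNTS = {"alice": "correct-horse"}  # constructed sample credential store

class Pop3Session:
    """Toy model of one POP3 session (assumed design, not a real server)."""

    def __init__(self, delayed, maildrop_available=True):
        self.delayed = delayed                        # True = delayed authentication
        self.maildrop_available = maildrop_available  # False = transient server fault
        self.user = self.password = None
        self.opened = False

    def _verify_and_open(self):
        """Check the password, then open the maildrop; return the failure cause or None."""
        expected = ACCOUNTS.get(self.user)
        if expected is None or not hmac.compare_digest(expected.encode(), self.password.encode()):
            return "bad password"
        if not self.maildrop_available:
            return "maildrop unavailable"
        self.opened = True
        return None

    def handle(self, line):
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.user = arg
            return "+OK"
        if cmd == "PASS":
            self.password = arg
            if self.delayed:
                return "+OK"  # nothing has been verified yet
            cause = self._verify_and_open()
            return "+OK" if cause is None else f"-ERR {cause}"
        if cmd == "STAT":
            if self.opened:
                return "+OK 0 0"
            if self.delayed and self.password is not None:
                # The deferred check runs here; the model reports both failure
                # causes with the same reply, which is the ambiguity described above.
                return "+OK 0 0" if self._verify_and_open() is None else "-ERR cannot open maildrop"
            return "-ERR not authenticated"
        return "-ERR unknown command"

def login_and_stat(delayed, password, maildrop_available=True):
    """Run USER/PASS/STAT against a fresh session and return the three replies."""
    session = Pop3Session(delayed, maildrop_available)
    return [session.handle(c) for c in ("USER alice", f"PASS {password}", "STAT")]
```

With `delayed=True`, a wrong password and an unavailable maildrop produce identical transcripts; with `delayed=False`, the wrong password is rejected at `PASS`.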


Key Points:

  • Delayed authentication: Postponing password verification until mailbox access
  • Recommended approach: Authenticate immediately upon connection
  • Reason: Provides clearer error reporting to clients