What is this POP-before-SMTP authentication mechanism anyway?

First of all, we hope you have read the FAQ "Can you provide me with some background about how Internet email works?"! If yes, then read on. Otherwise, please review the said Q&A first.

Given the nature of a SMTP server being intrinsically designed as an open relay, to prevent spammers from hijacking such a server to send out large amount of spam, some kind of usage restriction mechanisms must be placed on the server.

The POP-before-SMTP scheme utilizes the fact that a POP server always requires successful authentication first before allowing any message retrieval.

When a client connects to a POP server, it furnishes the IP address of the client host (e.g. your PC), together with the username/password and (optionally) the domain name of the POP account to the POP server. The POP server will then try to verify whether or not the supplied info is correct (i.e. for authentication verification.)

A POP-before-SMTP mechanism only allows a client that has successfully authenticated with a POP server to further connect to a SMTP server. Connections from clients that are either not authenticated by the POP server or fail the authentication process are not allowed to access the SMTP server at all.

As you can see, the above scheme overrides the intrinsic "open" nature of a SMTP server quite effectively. Furthermore, it obviously doesn't require any changes to the SMTP server software either. But, it demands even legitimate users of a SMTP server to carry out an extra step (although a minor one). So, conceptually, the approach is quite kludgy.

faq's quick search