What is Port 995?
Port 995 is a TCP network port reserved for communication between email clients and mail servers for the purpose of retrieving email securely. It is used for POP3 email transmissions over Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption, which is why the protocol is referred to as POP3S.
The standard POP3 protocol sends usernames, passwords, and downloaded email content in plain unencrypted text, creating security and privacy risks. Port 995 adds TLS or SSL encryption to POP3 to provide confidentiality and integrity for the entire email retrieval session.
Key Advantages of Using Port 995
- Encryption: The contents of emails, usernames, and passwords are encrypted and cannot be intercepted by network devices.
- Data integrity: Any tampering or manipulation of data can be detected due to message authentication in SSL/TLS.
- Server authentication: Helps prevent man-in-the-middle attacks by authenticating the identity of the email server.
- Compatibility: all major email clients and servers support POP3S.
Key Takeaways
- Port 995 is used for secure email retrieval using POP3 over TLS/SSL encryption.
- It helps prevent email interception and eavesdropping by encrypting communication between the email client and server.
- Port 995 needs to be opened in firewalls and routers for POP3S email traffic to flow.
- All major email clients and servers, including Outlook, Thunderbird, Gmail, Exchange, etc., support POP3S with port 995.
- For additional security, port 995 is recommended, as regular POP3 emails are sent in plain text.
- Along with port 465 (SMTP over SSL), port 995 helps provide end-to-end encrypted email transmission.
How Port 995 Works
The process for retrieving email using port 995 with POP3S involves the following general steps:
- Connection request: The email client initiates a TCP connection to the email server on port 995.
- Encryption handshake: The client and server perform an SSL/TLS handshake to negotiate encryption algorithms, exchange keys, authenticate each other’s identity, etc.
- Encrypted session: With the encrypted session in place, the email client sends the username and password to the server over the secured connection.
- Email download: The server authenticates the credentials and allows access to the account. The client issues POP3 commands to search and download email over the encrypted session.
- Decryption: The email client decrypts the contents using the encryption keys. The emails are now available to the user in plain decrypted format.
- Session termination: Once all emails have been downloaded, the POP3S session is closed.
This process converts plain text POP3 communication into encrypted POP3S, giving strong protection against sniffing and man-in-the-middle attacks. The encryption applies to the entire session.
When is Port 995 Used?
Port 995 is used whenever a client needs to retrieve emails from a server using POP3 securely over SSL or TLS encryption. This includes:
- When connecting email clients such as Outlook, Thunderbird, and Apple Mail to Internet-based email providers like Gmail, Outlook.com, Yahoo, etc., that support POP3S.
- When connecting to POP3-compatible email servers like Microsoft Exchange and other mail servers that are configured to allow POP3S.
- Downloading email on mobile devices through apps and email clients that use POP3S.
- By automation scripts, applications, and systems that need to fetch emails using encrypted POP3.
Why Use Port 995 for Email?
There are several advantages to using port 995 POP3S instead of unencrypted POP3:
- Privacy: Contents of emails cannot be intercepted or read during transmission over untrusted networks.
- Security: User credentials and emails cannot be easily captured through sniffing and man-in-the-middle attacks.
- Data integrity: Any tampering with emails can be detected due to encryption.
- Compliance: The use of encryption helps satisfy regulatory compliance requirements for data security.
- Server authentication: Prevents spoofing of email servers by malicious actors.
- Compatibility: Supported by all major email clients and servers.
- End-to-end encryption: When combined with SMTPS on port 465, provides encryption throughout email delivery.
For these reasons, organizations and email providers strongly recommend using POP3S and port 995 wherever possible instead of plain POP3. The added security and privacy are worth the minimal additional setup required.
How to Use Port 995
Using port 995 for email retrieval is straightforward. The key steps are:
- Verify server supports POP3S
- Update email client settings.
- Install root certificates
- Connect and download the email.
- Open firewall ports
Verify server supports POP3S
Before using port 995, confirm that your mail server or email provider supports POP3S. Most will advertise this capability on their website or support pages.
Update email client settings.
In your email client, configure the incoming mail server to use POP3S over port 995 instead of standard POP3. For example, in Outlook you would enter:
- Incoming server: pop.example.com
- Port: 995
- Use SSL: Yes
Install root certificates
Your device will need root certificates for the Certificate Authorities (CA) used by your mail server for SSL/TLS authentication and encryption. These are usually installed by default on most operating systems.
Connect and download the email.
Once configured, your email client will connect to the mail server on port 995, perform encryption handshakes, authenticate, and then allow you to download email securely using POP3S.
Open firewall ports
If behind a firewall, ensure TCP port 995 is allowed for outbound connections so that POP3S traffic can flow.
And that’s it! The email client handles encryption, decryption, and secure communication automatically. To take advantage of POP3S’s security, you just need to target port 995 instead of 110.
What’s the Difference Between POP3 vs POP3S (Port 995)
It’s important to understand the difference between unencrypted POP3 vs POP3S when using port 995:
|
Feature |
POP3 |
POP3S |
|
Port |
110 |
995 |
|
Encryption |
No encryption |
Uses SSL/TLS for encryption |
|
Security |
Plaintext authentication and data transfer. Not secure. |
Encrypted authentication and data transfer. More secure. |
|
Setup |
Easy setup on mail client. May require enabling POP3. |
Requires SSL certificate on mail server. Mail client must support POP3S. |
|
Performance |
Faster without encryption overhead |
Slower due to encryption processes |
|
Use Cases |
Retrieving email from a mail server to a local client. Not recommended for sensitive data. |
Securely retrieving email from a mail server. Recommended for sensitive data. |
The main differences are that POP3S uses SSL/TLS encryption while regular POP3 does not encrypt the connection. POP3S is more secure but requires additional setup. POP3 is faster but transmits all data including passwords in plaintext.
POP3S Email Clients
All modern email clients support POP3S and port 995, including:
- Microsoft Outlook: Go to Account Settings > More Settings > Advanced and enable “Use SSL.”
- Mozilla Thunderbird: Go to Account Settings > Security and check “Use SSL/TLS.”
- Apple Mail: Go to Preferences > Accounts > Advanced and select “Use SSL.”
- Windows Mail: Go to Accounts > Properties > Advanced > Use the following type of encrypted connection: SSL
- Gmail webmail: Go to Settings > See all settings > Forwarding and POP/IMAP > Enable POP
- Yahoo Mail webmail: Enable under Account Info > Account Security
- Outlook.com webmail: Go to Settings > POP and IMAP and enable POP
POP3S Compatible Email Servers
All modern mail servers support POP3S and port 995, including:
- Microsoft Exchange Server
- G Suite Gmail
- Office 365 Exchange Online
- Zimbra
- IceWarp
- Kerio Connect
- MailEnable
- MDaemon
- Postfix
- Sendmail
- Exim
- Qmail
And most hosted or cloud-based email providers, such as Outlook.com, Yahoo Mail, GMX, Zoho Mail, FastMail, and many more.
So, any mainstream email server or service you use today should support POP3S out of the box. It just needs to be enabled and configured correctly.
Troubleshooting POP3S Connections
If you are having trouble connecting to port 995 for POP3S, some things to check include:
- Firewall blocking: Verify port 995 is allowed in network firewalls, routers, EC2 security groups etc.
- Server configuration: Ensure the mail server is configured to enable POP3S and port 995 connections.
- TLS settings: Try switching between TLS 1.0, 1.1, 1.2, or SSL 3 in the client.
- Certificates: Check for any issues with expired or invalid certificates and ensure root CA is installed.
- Authentication: Try temporarily disabling two-factor authentication if supported.
- Telnet test: Use a telnet client to test basic TCP port 995 connectivity.
- TCP dump: Capture TCP dump to analyze the network handshake attempts.
- Logs: Check mail server logs for any errors related to POP3S or port 995.
- Client settings: Double-check check POP3S is fully enabled in the email client and verify any proxy settings.
Port 995 and Email Security
Using port 995 for POP3S improves email security in several ways:
- Encrypts username, password, and email content during transmission.
- Prevents man-in-the-middle attacks that intercept credentials and emails.
- Provides integrity checking to detect any tampering with emails.
- Authenticates the identity of the email server.
- Helps comply with data security regulations that mandate encryption.
- Secures email retrieval from public wi-fi hotspots.
However, some other good practices to follow include:
- Also use SMTPS (port 465) for secure email sending.
- Require two-factor authentication on email accounts when available.
- Use strong, unique passwords for email accounts.
- Set up VPNs when retrieving email over untrusted networks.
- Limit the use of POP3: use IMAP whenever possible.
- Disable POP3/IMAP when not needed.
Port 995 and Email Privacy
Using POP3S not only secures your email credentials and content from interception but also helps protect privacy in several ways:
- Encrypts email subject lines so message topics remain private.
- Prevents email content and attachments from being sniffed or exposed.
- Redacts usernames and passwords from plain sight.
- Makes it harder to mine emails for personal information.
- Keep your contacts and communication private from prying eyes.
Some other tips to further enhance email privacy include:
- Review all emails carefully before sending them.
- Avoid sending confidential data over email when possible.
- Set email clients to block remote image downloads.
- Be cautious of opening links and attachments.
- Encrypt sensitive emails end-to-end with S/MIME or PGP.
Final Thoughts
Port 995 enables vital POP3S encrypted email retrieval between clients and servers over the Internet. It closes the security and privacy gaps present in plain text POP3, leading to a safer and more confidential overall email experience.
All organizations and individuals should migrate to using POP3S on port 995 wherever possible. Combined with SMTPS, it provides ubiquitous opportunistic TLS encryption for end-to-end email transmission.
Given how easy it is to implement in both clients and servers, there is no reason not to use this simple encryption mechanism to secure emails from interception.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
![What is Certificate Revocation List [CRL]?](https://sslinsights.com/wp-content/uploads/2024/01/certificate-revocation-list-crl.png)
