POP3 on port 110 is the older of the two popular protocols used to retrieve eMail from remote mail servers. (The newer protocol, imap, the Internet message access protocol, uses port 143.) End-user eMail clients send eMail to remote eMail servers using the SMTP protocol on port 25 and typically retrieve their eMail using either pop3 or imap. eMail clients and servers must each support both an eMail sending (SMTP) and retrieving (pop3 or imap) protocol.
Local POP proxies
Although it is uncommon for end-user PCs to host a full eMail server, anti-virus and anti-spam "filtering" programs often open the user's local port 110 to provide convenient eMail filtering through a technique known as "proxying". The bad news is that some of these programs cause this port to be opened and exposed to the outside world, that is, to the whole Internet, which can create serious vulnerabilities for the user's PC.
The idea behind a "local proxy" is that the anti-virus or anti-spam program needs to "filter" the remote eMail before it reaches the local eMail client program. So the proxying filter program creates a little local pop3 or imap server right there on the user's machine. The user instructs their eMail client to retrieve eMail from port 110 or 143 of their own computer, and the proxy, in turn, fetches the eMail from the remote eMail server.
This places the proxy "in line" between the remote eMail server and the local eMail client. The proxy retrieves eMail from the remote server, checks it, filters it, virus scans it, or whatever, then offers it to the local eMail client through its own local pop3 or imap server running on port 110 or 143.
The only trouble with this is that poorly or hastily written local proxies can sometimes create the side-effect of opening the same local server to connections from the entire Internet. If such a proxy also had some insecure features which could be exploited (which is always a concern with any publicly accessible Internet server) it might be possible for nefarious hackers to exploit the local server's security weaknesses as a means of gaining an advantage of some sort.
Closing port 110
Under no circumstances would you want port 110 of a local proxy (or any local proxy ports for that matter) to be open to the outside world. It's unlikely that you would have a full eMail server running on your machine, but a local proxy such as that described above is becoming more common. If our probes show that your machine has port 110 open, you should determine the cause and see about updating your software, or determine how to close this port to outside access. If all else fails, the use of a NAT router or personal firewall would do the trick.
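One way to determine the cause, as an added example that is not part of the original page: the Python sketch below reads `netstat -an` style output and reports whether each listener on port 110 or 143 is bound to loopback only (reachable just by the local eMail client) or to an address other machines can reach. The sample lines are constructed, and the function names are this example's own.

```python
import ipaddress

PROXY_PORTS = {110: "pop3", 143: "imap"}

# Constructed sample in the style of `netstat -an` output (not from a real machine).
SAMPLE = """\
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:143          0.0.0.0:0              LISTENING
  TCP    [::1]:110              [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:110        ESTABLISHED
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
tcp6       0      0 :::143                  :::*                    LISTEN
"""

def classify(host):
    """'loopback' = only local programs can connect; 'exposed' = bound to an
    address other machines can reach unless a firewall or NAT router blocks it."""
    host = host.strip("[]")
    if host == "*":                      # wildcard notation used by some tools
        return "exposed"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "exposed"                 # unparseable: err toward reporting it
    return "loopback" if addr.is_loopback else "exposed"

def audit(netstat_text):
    """Return (service, local_address, verdict) for each listener on 110/143."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if not fields[-1].upper().startswith("LISTEN"):
            continue                     # outbound mail fetches are not listeners
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        host, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in PROXY_PORTS:
            findings.append((PROXY_PORTS[int(port)], local, classify(host)))
    return findings

if __name__ == "__main__":
    for service, local, verdict in audit(SAMPLE):
        print(f"{service:5} {local:20} {verdict}")
```

A proxy that reports "exposed" should be reconfigured or updated so that it binds to 127.0.0.1 only; a listener that reports "loopback" is already closed to outside access.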
The POP3 RFC (the complete specification)
The specification of every nuance and detail of the POP3 protocol:
Trojan Sightings: ProMail trojan