-If nmh has been compiled with APOP #defined, the `\-apop' switch will cause
-\fImsgchk\fR to use APOP rather than standard POP3 authentication. Under APOP,
-a unique string (generally of the format
-<\fIpid\fR.\fItimestamp\fR@\fIhostname\fR>) is announced by the POP server.
-Rather than `USER \fIuser\fR', `PASS \fIpassword\fR', msgchk sends `APOP
-\fIuser\fR \fIdigest\fR', where digest is the MD5 hash of the unique string
-followed by a `secret' shared by client and server, essentially equivalent to
-the user's password (though an APOP-enabled POP3 server could have separate APOP
-and plain POP3 passwords for a single user). `\-noapop' disables APOP in cases
-where it'd otherwise be used.
-
-If nmh has been compiled with KPOP #defined, the `\-kpop' switch will allow
-\fImsgchk\fR to use Kerberized POP rather than standard POP3 on a given
-invocation. If POPSERVICE was also #defined to "kpop", \fImsgchk\fR will be
-hardwired to always use KPOP.
-
-If nmh has been compiled with SASL support, the `\-sasl' switch will enable
-the use of SASL authentication. Depending on the SASL mechanism used, this
-may require an additional password prompt from the user (but the
-\*(lq.netrc\*(rq file can be used to store this password). The
-`\-saslmech' switch can be used to select a particular SASL mechanism.
-
-If SASL authentication is successful, \fIinc\fR will attempt to negotiate
-a security layer for session encryption. Encrypted traffic is labelled
-with `(encrypted)' and `(decrypted)' when viewing the POP transaction
-with the `\-snoop' switch.
-%nmhendpop%
-.Fi