Vol. I, No. 1  ·  San Francisco
mailconnect  ·  est. 2025
Wednesday Edition  ·  read-only

A Fastmail bridge for AI clients

Your inbox,
on speaking terms.

mailconnect connects your Fastmail account to your AI assistant through a registered Fastmail OAuth app — one encrypted bridge, per-client capability policy, no shared state, no surprises.

Open beta. Built solo, running on production Cloudflare Workers. Sign in with Fastmail when the consent flow asks, and you’re connected.

Mailconnect Postal Service
One Connection per Fastmail account

Two ways to connect.

One tap if you use Poke. One paste for any other AI client that can read a URL and edit its own config. Both paths land at the same Fastmail consent screen.

One tap  ·  Poke

The ready-made recipe.

Install the published recipe from Poke, then sign in to Fastmail when the consent screen asks. No config file, no copy-paste.


One paste  ·  Any AI client

Let the agent set it up.

Paste the setup prompt into any AI client that can read URLs and edit its own config. The agent fetches the setup guide, wires up the server, and kicks off the OAuth flow.

Prefer to set it up by hand? See connect.md.

How a connection is posted.

mailconnect speaks two protocols at once. To your AI client it presents a clean OAuth 2.0 authorization server. To Fastmail it speaks OAuth 2.0 with PKCE and JMAP as a registered third-party app. The handoff in the middle is the entire point.

Your client discovers the bridge.

The client fetches /.well-known/oauth-authorization-server and /register, registers itself dynamically, and starts an authorization request against /authorize. No manual app paperwork on either side.

You consent — once, on a real page.

The Worker renders a consent screen that names the connecting client and explains the capability bundle mailconnect is registered for. From there you’re bounced to Fastmail to sign in. We never see your password.

Fastmail returns a token; we hide it.

Fastmail redirects to /auth/callback. The Worker exchanges the code for Fastmail access & refresh tokens, then issues an MCP token to your client. Your Fastmail tokens are encrypted into that grant’s props and handed back only to the client that started the flow.

Refresh quietly forever.

When your client refreshes its MCP grant, the Worker refreshes the upstream Fastmail token in the same step and rotates the encrypted props. The connection ages well.

What assistants can ask for, today & next.

Five tools are always available and stay read-only. Two mutate your mailbox and are off by default, per connected client — you opt each one in from mailconnect settings for the assistants you actually trust. The rest of the roadmap is tagged Soon.

Live get_account_profile

Who is connected.

Returns the connected Fastmail identity, granted scopes, primary mail account, and live JMAP capabilities, so the assistant knows exactly whose mailbox it is speaking for.

Live list_mailboxes

The shelf of folders.

Lists Inbox, Archive, Sent, and custom mailboxes with their roles and unread counts, so the assistant can aim a search at the right corner of your account.

Live search_emails

Find the note in question.

Searches recent mail by text, sender, recipient, subject, mailbox, unread state, attachment presence, and date window, then returns the newest matching messages with previews and mailbox context.

Live get_email

Open the envelope.

Fetches one message in full: headers, recipients, mailbox membership, attachments, and a clean plain-text body the assistant can actually read.

Live download_attachment

Pull an attachment.

Fetches a single attachment by blob id, so the assistant can receipt-parse a PDF, skim a contract, or hand you back exactly the file you asked about.

Opt-in move_email

Reshelve a thread.

Moves a message between mailboxes — inbox to archive, into a project folder, out of spam. Off by default. Turn it on per client from settings; other connected assistants stay read-only.

Opt-in mark_email_read

Mark read or unread.

Toggles the read state of a message on your instruction. Off by default. Scoped the same way: enable only for the clients you trust to touch state.

Soon notify_on_arrival

A tap on the shoulder.

Tells the assistant the moment a new message lands, so it can bring an important thread to your attention without being asked. Delivery rules, quiet hours, and per-sender filters keep the volume civilised.

Soon draft_and_send

Put it in the post.

Composes replies and new messages from a prompt, saves them as Fastmail drafts, and sends once you confirm. Ghost-writing on request, never on its own.

Opt-in means opt-in. Fresh connections start with both mutating tools disabled; a client that has never been toggled on can’t move messages or flip read state no matter what it’s told. Opt each client in from settings when you’re ready, revoke any time. The Soon tools will ship behind the same per-client gate.

A small bridge with strong opinions.

A registered Fastmail OAuth app

mailconnect is a registered third-party OAuth application with Fastmail, with its own client credentials and a published redirect URI. Every connection runs through Fastmail’s own authorization server with PKCE — we never see your password, and revoking mailconnect from your Fastmail security settings kills the upstream tokens instantly.

Your mail transits, it doesn’t stay

When your assistant calls a tool, mailconnect fetches the answer from Fastmail over JMAP, hands it back to the client, and forgets. Message metadata, bodies, and attachments are not persisted on our side. Cloudflare’s short-lived request logs contain structured OAuth events with hashed identifiers — no email content, no full tokens.

Per-user, per-client grants

Each client connection becomes its own grant, with its own encrypted Fastmail token set and its own capability policy. No shared session state between users or between clients, by design.

Encrypted at rest

Upstream Fastmail tokens are stored inside encrypted OAuth grant props handled by @cloudflare/workers-oauth-provider. We can’t read them out of band.

Read-only is the default

The JMAP mail scope Fastmail grants to mailconnect covers both reading and modifying mail — Fastmail doesn’t split those. mailconnect enforces read-only at the policy layer: write tools (move_email, mark_email_read) stay disabled for every newly connected client until you opt them in from settings. No server-side bypass, no default-on tier.
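
A sketch of what such a policy-layer gate can look like, as an added example and not mailconnect's own code. The tool names come from this page; the function names, the policy shape and the client ids are assumptions.

```javascript
// Tool names are taken from the page; everything else here is hypothetical.
const READ_TOOLS = new Set([
  "get_account_profile", "list_mailboxes", "search_emails",
  "get_email", "download_attachment",
]);
const WRITE_TOOLS = new Set(["move_email", "mark_email_read"]);

// Policy attached to a fresh grant: no write tool is enabled.
function newGrantPolicy() {
  return { enabledWriteTools: [] };
}

// Settings change for one client. Returns a new policy and refuses
// anything that is not a shipped write tool (including the "Soon" ones).
function setWriteTool(policy, tool, enabled) {
  if (!WRITE_TOOLS.has(tool)) throw new Error(`not a toggleable tool: ${tool}`);
  const next = new Set(policy.enabledWriteTools);
  if (enabled) next.add(tool);
  else next.delete(tool);
  return { enabledWriteTools: [...next] };
}

// Decision taken on every tool call, before any JMAP request is made.
// Fails closed: an unknown tool or a missing/malformed policy is denied.
function authorizeToolCall(policy, tool) {
  if (READ_TOOLS.has(tool)) return { allowed: true, reason: "read-only tool" };
  if (WRITE_TOOLS.has(tool)) {
    const list = policy?.enabledWriteTools;
    const on = Array.isArray(list) && list.includes(tool);
    return on
      ? { allowed: true, reason: "opted in for this client" }
      : { allowed: false, reason: "write tool not enabled for this client" };
  }
  return { allowed: false, reason: "unknown tool" };
}

// Constructed sample: one user, two connected clients, one opt-in.
function demo() {
  const grants = { "client-a": newGrantPolicy(), "client-b": newGrantPolicy() };
  grants["client-a"] = setWriteTool(grants["client-a"], "move_email", true);
  const can = (client, tool) => authorizeToolCall(grants[client], tool).allowed;
  return {
    aMove: can("client-a", "move_email"),
    aMark: can("client-a", "mark_email_read"),
    bMove: can("client-b", "move_email"),
    bRead: can("client-b", "get_email"),
    aSoon: can("client-a", "draft_and_send"),
  };
}
```

Because the upstream scope already permits writes, this check is the only thing separating a read-only client from a mutating one, so it has to run on the server for every call and deny by default.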

You can disconnect

Disconnect inside your AI client or revoke mailconnect from your Fastmail security settings. The Worker will stop being able to talk to your inbox immediately.

PKCE where it matters

Every end-user authorization flow uses PKCE on both legs (client→mailconnect and mailconnect→Fastmail), so an authorization code intercepted at the redirect can’t be redeemed without the matching code verifier.

Small, single-purpose bridge

mailconnect only speaks JMAP to Fastmail on your behalf. No scraping on the side, no unrelated integrations, no cross-user background work.