Vol. I, No. 1  ·  San Francisco
mailconnectest. 2025
Wednesday Edition  ·  read-only

A Poke recipe for Fastmail

Install the recipe.
Your inbox,
on speaking terms.

mailconnect is a one-tap Poke recipe that connects your Fastmail account through MCP. One consent, one encrypted grant per user, no shared state, no surprises.

Install the Poke recipe How it works

Recipe coming soon. Drop your address on the support page and we’ll write the moment it’s live.

Mailconnect Postal Service
One Connection per Fastmail account

Procedure

How a connection is posted.

mailconnect speaks two protocols at once. To Poke it presents a clean MCP authorization server. To Fastmail it speaks OAuth 2.0 with PKCE and JMAP. The handoff in the middle is the entire point.

Poke discovers the bridge.

Poke fetches /.well-known/oauth-authorization-server and /register, registers itself dynamically, and starts an authorization request against /authorize. No manual app paperwork on either side.

You consent — once, on a real page.

The Worker renders a consent screen that names the connecting client and the scopes it’s asking for. From there you’re bounced to Fastmail to sign in. We never see your password.

Fastmail returns a token; we hide it.

Fastmail redirects to /auth/callback. The Worker exchanges the code for Fastmail access & refresh tokens, then issues an MCP token to Poke. Your Fastmail tokens are encrypted into that grant’s props — never logged, never shared.

Refresh quietly forever.

When Poke refreshes its MCP grant, the Worker refreshes the upstream Fastmail token in the same step and rotates the encrypted props. The connection ages well.

Dispatches

What Poke can ask for, today & next.

mailconnect still ships read-only — but it can do more than count folders now. Poke can find the message you mean, open it, and pull back the parts that matter without touching a thing in your account. The three on the shelf below are coming, and every one of them is explicitly opt-in.

Live get_account_profile

Who is connected.

Returns the connected Fastmail identity, granted scopes, primary mail account, and live JMAP capabilities, so Poke knows exactly whose mailbox it is speaking for.

Live list_mailboxes

The shelf of folders.

Lists Inbox, Archive, Sent, and custom mailboxes with their roles and unread counts, so Poke can aim a search at the right corner of your account.

Live search_emails

Find the note in question.

Searches recent mail by text, sender, recipient, subject, mailbox, unread state, attachment presence, and date window, then returns the newest matching messages with previews and mailbox context.

Live get_email

Open the envelope.

Fetches one message in full: headers, recipients, mailbox membership, attachments, and a clean plain-text body Poke can actually read.

Soon notify_on_arrival

A tap on the shoulder.

Tells Poke the moment a new message lands, so it can bring an important thread to your attention without being asked. Delivery rules, quiet hours, and per-sender filters keep the volume civilised.

Soon sort_and_archive

A place for every letter.

Lets Poke move threads into the right mailbox, archive what is done, and mark read or unread on your instruction. Every move is reversible and scoped to the grants you opt into.

Soon draft_and_send

Put it in the post.

Composes replies and new messages from a prompt, saves them as Fastmail drafts, and sends once you confirm. Ghost-writing on request, never on its own.

Today’s four tools are read-only. The three on the way touch your mailbox, and every one of them is explicitly opt-in — enable the ones you want, leave the rest off, and Poke will never write, move, or send anything you haven’t authorised.

Posture

A small bridge with strong opinions.

Per-user OAuth grants

Each Poke connection becomes its own grant, with its own encrypted Fastmail token set. No shared session state between users, by design.

Encrypted at rest

Upstream Fastmail tokens are stored inside encrypted OAuth grant props handled by @cloudflare/workers-oauth-provider. We can’t read them out of band.

Read-only, on purpose

The current MCP surface area can’t send, move, archive, label, or delete. Future write tools will arrive behind explicit, separate scopes.

You can disconnect

Disconnect inside Poke or revoke the app from your Fastmail security settings. The Worker will stop being able to talk to your inbox immediately.

PKCE all the way down

Both Poke→mailconnect and mailconnect→Fastmail use PKCE. There is no static client secret to steal from the user’s side of the flow.

Open source bridge

The Worker code is small, single-purpose, and inspectable. No analytics, no ad SDKs, no hidden third parties on the server side.