Vol. I, No. 1  ·  San Francisco
mailconnect  ·  est. 2025
Wednesday Edition  ·  read-only

A Poke recipe for Fastmail

Your inbox, on speaking terms.

mailconnect is a one-tap Poke recipe that connects your Fastmail account through MCP. One consent, one encrypted grant per user, no shared state, no surprises.

Recipe coming soon. Drop your address on the support page and we’ll write the moment it’s live.

Mailconnect Postal Service
One Connection per Fastmail account

How a connection is posted.

mailconnect speaks two protocols at once. To Poke it presents a clean MCP authorization server. To Fastmail it speaks OAuth 2.0 with PKCE and JMAP. The handoff in the middle is the entire point.

Poke discovers the bridge.

Poke fetches /.well-known/oauth-authorization-server and /register, registers itself dynamically, and starts an authorization request against /authorize. No manual app paperwork on either side.

You consent — once, on a real page.

The Worker renders a consent screen that names the connecting client and the scopes it’s asking for. From there you’re bounced to Fastmail to sign in. We never see your password.

Fastmail returns a token; we hide it.

Fastmail redirects to /auth/callback. The Worker exchanges the code for Fastmail access & refresh tokens, then issues an MCP token to Poke. Your Fastmail tokens are encrypted into that grant’s props — never logged, never shared.

Refresh quietly forever.

When Poke refreshes its MCP grant, the Worker refreshes the upstream Fastmail token in the same step and rotates the encrypted props. The connection ages well.
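The discovery step above is where a client decides whether to trust the bridge, so here is a check an MCP client could run on the fetched metadata before registering. It is an added example, not code from mailconnect or Poke. Field names are those of RFC 8414; the host `bridge.example`, the `/token` path, and the same-origin and no-`plain` rules are assumptions of this sketch.

```javascript
// Added example: validate an OAuth authorization-server metadata document
// (RFC 8414) before dynamic registration. Returns a list of problems found.
function checkAuthServerMetadata(issuerUrl, meta) {
  const problems = [];
  const issuer = new URL(issuerUrl);
  // RFC 8414 section 3.3: the issuer in the document must equal the one queried.
  if (meta.issuer !== issuerUrl) problems.push("issuer mismatch");
  const endpoints = ["authorization_endpoint", "token_endpoint", "registration_endpoint"];
  for (const key of endpoints) {
    let u;
    try {
      u = new URL(meta[key]);
    } catch {
      problems.push(`${key} missing or not a URL`);
      continue;
    }
    if (u.protocol !== "https:") problems.push(`${key} is not https`);
    // Policy assumed here: the bridge serves every endpoint from its own origin.
    if (u.origin !== issuer.origin) problems.push(`${key} is off-origin`);
  }
  // PKCE: require S256, and treat an advertised "plain" method as a downgrade risk.
  const methods = meta.code_challenge_methods_supported || [];
  if (!methods.includes("S256")) problems.push("S256 PKCE not advertised");
  if (methods.includes("plain")) problems.push("plain PKCE accepted");
  if (!(meta.response_types_supported || []).includes("code")) {
    problems.push("code flow not offered");
  }
  return problems;
}

// Constructed sample documents (not captured from any real server).
const ISSUER = "https://bridge.example";
const GOOD = {
  issuer: ISSUER,
  authorization_endpoint: ISSUER + "/authorize",
  token_endpoint: ISSUER + "/token",
  registration_endpoint: ISSUER + "/register",
  response_types_supported: ["code"],
  code_challenge_methods_supported: ["S256"],
};
const BAD = {
  ...GOOD,
  token_endpoint: "http://other.example/token",
  code_challenge_methods_supported: ["plain"],
};

console.log(checkAuthServerMetadata(ISSUER, GOOD));
console.log(checkAuthServerMetadata(ISSUER, BAD));
```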

What Poke can ask for, today.

mailconnect ships read-only. The recipe’s current scope is small on purpose — a tight first cut is more honest than a long list of half-finished verbs.

Live get_account_profile

Who’s home.

Returns the connected Fastmail account’s identity, granted scopes, primary mail account, and the JMAP capabilities the session reports — so Poke knows whose mailbox it’s working with.

Live list_mailboxes

The shelf of folders.

Lists every mailbox on the account — Inbox, Archive, custom labels — with mailbox roles and unread counts as JMAP exposes them.

Two tools, on purpose. Searching, reading, and writing live behind their own scopes and will arrive as a deliberate, separate update.

A small bridge with strong opinions.

Per-user OAuth grants

Each Poke connection becomes its own grant, with its own encrypted Fastmail token set. No shared session state between users, by design.

Encrypted at rest

Upstream Fastmail tokens are stored inside encrypted OAuth grant props handled by @cloudflare/workers-oauth-provider. We can’t read them out of band.

Read-only, on purpose

The current MCP surface area can’t send, move, archive, label, or delete. Future write tools will arrive behind explicit, separate scopes.

You can disconnect

Disconnect inside Poke or revoke the app from your Fastmail security settings. The Worker immediately loses the ability to talk to your inbox.

PKCE all the way down

Both Poke→mailconnect and mailconnect→Fastmail use PKCE. There is no static client secret to steal from the user’s side of the flow.

Open source bridge

The Worker code is small, single-purpose, and inspectable. No analytics, no ad SDKs, no hidden third parties on the server side.