
Implementing 'focus and reply' for Fastmail with JMAP - janvdberg
https://jvns.ca/blog/2020/08/18/implementing--focus-and-reply--for-fastmail/
======
cxr
> _someone very helpfully suggested just wrapping the plain text email in a
> <pre> tag to protect against XSS_

This is bad advice.

[https://www.cs.dartmouth.edu/~sergey/langsec/occupy/](https://www.cs.dartmouth.edu/~sergey/langsec/occupy/)

~~~
jvns
I actually realized that this must be on HN because 2 different people emailed
me to tell me this XSS workaround was bad advice :). Updated the post.

~~~
jacobkania
Hey! Awesome that you updated it! Thanks for all of your blog posts. You’re
one of a few go-to blogs when I want inspiration on new things to learn. I
even used your website design as a model for the default template for a static
site generator I built :)

------
mulmen
The last mention of JMAP got me to sign up for three years of Fastmail. I used
their auto-configure script to add it to my personal MacBook. The system then
became more unstable than it has ever been, frequent crashes of the
WindowServer and complete system lockups. Combined with scary messages about
my Gmail and iCloud accounts asking for re-authentication. I seriously thought
I had been owned.

I removed the Fastmail accounts (mail, calendar, etc.) and everything was
immediately fine again. I'm scared to try this again to troubleshoot what is
happening.

~~~
brongondwana
Wow, that's really worrying that an autoconfig file could even do that!

We have had reports of the autoconfig being annoying if you need to change any
settings because it locks some of them in place, but I've never seen any
mention of that kind of crash.

Regarding the re-authentication messages, I suspect the reason is that you
have migrated calendar events across into Fastmail from those other systems,
and those events contain links to authenticated resources which your Mac is
trying to load. This isn't really something we can fix other than stripping
those out of your events, but that has its own downsides!

~~~
mulmen
I didn’t migrate anything into Fastmail.

When I removed the Fastmail accounts everything else went back to normal. It
could very well be a problem with MacOS.

When I have time I’ll try setting it up again and see if it happens again.

Works fine on my iPhone.

~~~
bravura
Were you just using Fastmail as a copy if Gmail? Or were you manipulating
gmail through jmap?

~~~
mulmen
Gmail and Fastmail were not linked in any way. I have had my Gmail account set
up in MacOS for years. I added my Fastmail account. My system became unstable
and all my Internet accounts started prompting for logins.

------
voltagex_
I'd love to see a non-Fastmail writeup of using JMAP - I was seeing if I could
implement push notifications for certain emails coming in and it looks like
I'd need to handle the entire mailbox.

------
charles_f
Cool beans, I love the simple and straightforward lightweight client based
approach.

Shameless plug - I built the screening workflow / Imbox bit of Hey for IMAP
servers about a month ago
[https://www.feval.ca/posts/screenr/](https://www.feval.ca/posts/screenr/).
We're just missing a couple more features and we'll have their full feature
set for any mailbox :)

~~~
kristerv
And I built send plugin: [https://addons.mozilla.org/en-
US/firefox/addon/massfastmail/](https://addons.mozilla.org/en-
US/firefox/addon/massfastmail/)

~~~
kilroy123
Thank you for this!

------
niftylettuce
I've experimented with JMAP a bit (related to my work with
[https://forwardemail.net](https://forwardemail.net)). Cool hack.

------
raziel2p
The chaining of requests/method-calls is a really interesting concept.

------
sam1r
Great write up! I actually lol’d at step 0. The irony of hey.coms vision to
simplify email and you’re first intuitive step.. hilarious

For those who are perusing the comments w/o reading (like me all the time)...

Step 0: “make the feature simpler”

~~~
Aachen
Fwiw I read the article but I don't remember that heading so also for readers
without perfect recall it's good to reference what you're talking about.

------
godzillabrennus
Good to see this. I also really miss send later and undo send when I use
Fastmail. Two major missing Features.

The biggest issue I have with Fastmail is how lousy the tech support is. I had
issues with IMAP and they take days between replies to get back with you.

I started sending them hourly updates hoping for a faster response. Then I
copied the CEO to the email chain. After about 20 emails to them I gave up.

A few days later someone got back to me that every time you email their
support it resets their clock on when they will respond...

Literally the worst of the worst in email support. That is sad because they
have good policies and a fairly robust web frontend.

~~~
ocdtrekkie
Gmail is the worst of the worst in email support: It has none.

Always had great support experiences with FastMail. Spamming them hourly seems
like being a bad customer though.

~~~
cxr
I've noticed there's only ever effusive praise for Fastmail on HN, which
itself probably leads to the kind of thing that Feynman warned us about re oil
drops.

Spamming folks notwithstanding, I also had a terrible experience with Fastmail
on the two occasions that I filed support tickets. I once wrote before: if the
options are no support from a service where it's never needed, versus the
illusion of support from a different service (paid, even) where the emptiness
of the promise will be made evident, then the former is better.

Having said that, I don't actually use or condone Gmail; I give my money to a
Fastmail competitor.

~~~
shazow
I also had some bad experiences with Fastmail, they're very aggressive at
shutting down your account if billing fails (expired cc) with zero warnings.
Ended up missing emails on two occasions because of this (I was using fastmail
for forwarding). For recovery, they offered to read my emails to confirm my
identity which was the final straw. Related thread here:
[https://twitter.com/shazow/status/1021570521987731458](https://twitter.com/shazow/status/1021570521987731458)

~~~
jvns
it's really worrisome that they offered to look through your email data to
confirm your identity.

I'd be really curious to know more about what Fastmail does to safeguard
customer data from malicious activity by employees.

~~~
shazow
Agreed! That's one thing that I know Gmail is _very_ good at, at least. I
didn't get the impression that Fastmail cares particularly about that problem
yet.

