Nathan Grigg

Fastmail JMAP backup


[Update: Since I first wrote this, Fastmail switched from using HTTP BasicAuth to Bearer Authorization. I have updated the script to match.]

I use Fastmail for my personal email, and I like to keep a backup of my email on my personal computer. Why make a backup? When I am done reading or replying to an email, I make a split-second decision on whether to delete or archive it on Fastmail’s server. If it turns out I deleted something that I need later, I can always look in my backup. The backup also predates my use of Fastmail and serves as a service-independent store of my email.

My old method of backing up the email was to forward all my email to a Gmail account, then use POP to download the email with a hacked-together script. This had the added benefit that the Gmail account also served as a searchable backup.

Unfortunately the Gmail account ran out of storage and the POP script kept hanging for some reason, which together motivated me to get away from this convoluted backup strategy.

The replacement script uses JMAP to connect directly to Fastmail and download all messages. It is intended to run periodically, and what it does is pick an end time 24 hours in the past, download all email older than that, and then record the end time. The next time it runs, it searches for mail between the previous end time and a new end time, which is again 24 hours in the past.

Why pick a time in the past? Well, I’m not confident that if you search up until this exact moment, you are guaranteed to get every message. A message could come in, then two seconds later you send a query, but it hits a server that doesn’t know about your message yet. I’m sure an hour is more than enough leeway, but since this is a backup, we might as well make it a 24-hour delay.

Note that I am querying all mail, regardless of which mailbox it is in, so even if I have put a message in the trash, my backup script will find it and download it.

JMAP is a modern JSON-based replacement for IMAP and much easier to use, such that the entire script is 140 lines, even with my not-exactly-terse use of Python.

Here is the script, with some notes below.

  1 import argparse
  2 import collections
  3 import datetime
  4 import os
  5 import requests
  6 import string
  7 import sys
  8 import yaml
 10 Session = collections.namedtuple('Session', 'headers account_id api_url download_template')
 13 def get_session(token):
 14     headers = {'Authorization': 'Bearer ' + token}
 15     r = requests.get('', headers=headers)
 16     [account_id] = list(r.json()['accounts'])
 17     api_url = r.json()['apiUrl']
 18     download_template = r.json()['downloadUrl']
 19     return Session(headers, account_id, api_url, download_template)
 22 Email = collections.namedtuple('Email', 'id blob_id date subject')
 25 def query(session, start, end):
 26     json_request = {
 27         'using': ['urn:ietf:params:jmap:core', 'urn:ietf:params:jmap:mail'],
 28         'methodCalls': [
 29             [
 30                 'Email/query',
 31                 {
 32                     'accountId': session.account_id,
 33                     'sort': [{'property': 'receivedAt', 'isAscending': False}],
 34                     'filter': {
 35                         'after': start.isoformat() + 'Z',
 36                         'before': end.isoformat() + 'Z',
 37                     },
 38                     'limit': 50,
 39                 },
 40                 '0',
 41             ],
 42             [
 43                 'Email/get',
 44                 {
 45                     'accountId': session.account_id,
 46                     '#ids': {
 47                         'name': 'Email/query',
 48                         'path': '/ids/*',
 49                         'resultOf': '0',
 50                     },
 51                     'properties': ['blobId', 'receivedAt', 'subject'],
 52                 },
 53                 '1',
 54             ],
 55         ],
 56     }
 58     while True:
 59         full_response =
 60             session.api_url, json=json_request, headers=session.headers
 61         ).json()
 63         if any(x[0].lower() == 'error' for x in full_response['methodResponses']):
 64             sys.exit(f'Error received from server: {full_response!r}')
 66         response = [x[1] for x in full_response['methodResponses']]
 68         if not response[0]['ids']:
 69             return
 71         for item in response[1]['list']:
 72             date = datetime.datetime.fromisoformat(item['receivedAt'].rstrip('Z'))
 73             yield Email(item['id'], item['blobId'], date, item['subject'])
 75         # Set anchor to get the next set of emails.
 76         query_request = json_request['methodCalls'][0][1]
 77         query_request['anchor'] = response[0]['ids'][-1]
 78         query_request['anchorOffset'] = 1
 81 def email_filename(email):
 82     subject = (
 83             email.subject.translate(str.maketrans('', '', string.punctuation))[:50]
 84             if email.subject else '')
 85     date ='%Y%m%d_%H%M%S')
 86     return f'{date}_{}_{subject.strip()}.eml'
 89 def download_email(session, email, folder):
 90     r = requests.get(
 91         session.download_template.format(
 92             accountId=session.account_id,
 93             blobId=email.blob_id,
 94             name='email',
 95             type='application/octet-stream',
 96         ),
 97         headers=session.headers,
 98     )
100     with open(os.path.join(folder, email_filename(email)), 'wb') as fh:
101         fh.write(r.content)
104 if __name__ == '__main__':
105     # Parse args.
106     parser = argparse.ArgumentParser(description='Backup jmap mail')
107     parser.add_argument('--config', help='Path to config file', nargs=1)
108     args = parser.parse_args()
110     # Read config.
111     with open(args.config[0], 'r') as fh:
112         config = yaml.safe_load(fh)
114     # Compute window.
115     session = get_session(config['token'])
116     delay_hours = config.get('delay_hours', 24)
118     end_window = datetime.datetime.utcnow().replace(microsecond=0) - datetime.timedelta(
119         hours=delay_hours
120     )
122     # On first run, 'last_end_time' wont exist; download the most recent week.
123     start_window = config.get('last_end_time', end_window - datetime.timedelta(weeks=1))
125     folder = config['folder']
127     # Do backup.
128     num_results = 0
129     for email in query(session, start_window, end_window):
130         # We want our search window to be exclusive of the right endpoint.
131         # It should be this way in the server, according to the spec, but
132         # Fastmail's query implementation is inclusive of both endpoints.
133         if == end_window:
134             continue
135         download_email(session, email, folder)
136         num_results += 1
137     print(f'Archived {num_results} emails')
139     # Write config
140     config['last_end_time'] = end_window
141     with open(args.config[0], 'w') as fh:
142         yaml.dump(config, fh)

The get_session function is run once at the beginning of the script, and fetches some important data from the server including the account ID and a URLs to use.

The query function does the bulk of the work, sending a single JSON request multiple times to page through the search results. It is actually a two-part request, first Email/query, which returns a list of ids, and then Email/get, which gets some email metadata for each result. I wrote this as a generator to make the main part of my script simpler. The paging is performed by capturing the ID of the final result of one query, and asking the next query to start at that position plus one (lines 77-78). We are done when the query returns no results (line 69).

The download_email function uses the blob ID to fetch the entire email and saves it to disk. This doesn’t really need to be its own function, but it will help if I later decide to use multiple threads to do the downloading.

Finally, the main part of the script reads configuration from a YAML file, including the last end time. It loops through the results of query, calling download_email on each result. Finally, it writes the configuration data back out to the YAML file, including the updated last_end_time.

To run this, you will need to first populate a config file with the destination folder and your API token, like this:

token: ffmu-xxxxx-your-token-here
folder: /path/to/destination/folder

You will also need to install the ‘requests’ and ‘pyyaml’ packages using python -m pip install requests pyyaml. Copy the above script onto your computer and run it using python --config=config_file. Note that everything here uses Python 3, so you may have to replace ‘python’ with ‘python3’ in these commands.