A

Agent Identity

A set of cryptographically signed headers attached to every outbound email, proving which operator controls the agent and what oversight mode is active. Agent identity is delivered via the X-MultiMail-Identity header using ECDSA P-256 signatures. Recipients can verify the signature against the sender's well-known endpoint.

Approval Queue

A holding area where agent-composed emails wait for human review before being sent. Emails enter the approval queue when a mailbox operates in gated send or gated all mode. The operator can approve, reject, or edit each message via the dashboard or API.

Autonomous Mode

An oversight mode where the agent sends and receives email without requiring human approval. No emails enter the approval queue. Recommended only after an agent has established trust through lower-autonomy modes on the trust ladder.

B

Bounce Rate

The percentage of outbound emails that fail to deliver, either due to invalid addresses (hard bounces) or temporary failures (soft bounces). Bounce rate is a key input to a mailbox's reputation score. High bounce rates signal poor list hygiene and can trigger sending restrictions.

C

Complaint Rate

The percentage of recipients who mark an email as spam. Complaint rate is tracked per mailbox and factors heavily into reputation scoring. Industry best practice is to stay below 0.1%. MultiMail monitors complaints in real time and may restrict sending if rates exceed safe thresholds.

G

Gated All

An oversight mode that requires human approval for every agent action, including reading, replying, and sending. The most restrictive mode on the trust ladder. Suitable for onboarding new agents or handling sensitive communication.

Gated Send

The default oversight mode for new mailboxes. The agent can read and process inbound email freely, but outbound sends require human approval via the approval queue. Balances agent productivity with human control over external communication.

H

HMAC Signature

A hash-based message authentication code used to verify that identity headers have not been tampered with. MultiMail uses HMAC-SHA256 to sign webhook payloads, allowing your server to confirm that incoming webhook events genuinely originated from MultiMail.

M

Mailbox

An email address managed by MultiMail and tied to a tenant. Each mailbox has its own oversight mode, reputation score, and identity. A tenant can operate multiple mailboxes, each with independent settings. Create mailboxes via the API or dashboard.

MCP (Model Context Protocol)

An open standard for connecting AI agents to external tools and data sources. MCP defines a structured way for agents to discover available tools, understand their parameters, and invoke them. MultiMail implements MCP so that any compliant agent can send, read, and manage email without custom integration code.

MCP Server

A service that exposes tools to AI agents via the Model Context Protocol. MultiMail's MCP server provides 40 tools covering email operations, mailbox management, contact handling, and reputation lookup. Install it via npm install @multimail/mcp-server or connect directly at mcp.multimail.dev.

Monitored Mode

An oversight mode where the agent sends email autonomously, but every action is logged for human review. No approval queue is used. The operator receives a feed of agent activity and can intervene if needed. A stepping stone between gated send and autonomous mode.

O

Operator

The human or organization legally responsible for an AI agent's email actions. The operator's name is embedded in every outbound email's identity header, establishing clear accountability. Recipients always know who operates the agent that contacted them.

Oversight Mode

The level of human supervision applied to an agent's email actions. MultiMail defines four modes arranged on a trust ladder: gated all, gated send (default), monitored, and autonomous. The active oversight mode is published in the mailbox's identity header on every outbound email.

P

Pending Scan

A transient email status indicating the message is being checked for malware, spam, or policy violations before delivery. Inbound emails enter pending scan on arrival and are released to the inbox once they pass. Outbound emails in gated modes pass through scanning after human approval.

R

Reputation Score

A public score reflecting a mailbox's sending behavior, calculated from bounce rate, complaint rate, and volume history. Reputation data is attached to outbound emails via the X-MultiMail-Reputation header and published at the mailbox's well-known endpoint. Recipients can use it to decide whether to trust an agent's email.

T

Tenant

A MultiMail account representing an individual or organization. Each tenant owns one or more mailboxes, manages API keys, and controls billing. Tenants are identified by a unique slug (e.g., greenline) and a system-generated ID.

Trust Ladder

The progression from full human control to full agent autonomy, implemented through oversight modes. New agents start at gated send and earn more autonomy as they demonstrate reliable behavior. The ladder runs: gated all → gated send → monitored → autonomous.

W

Webhook

An HTTP callback that notifies your system when email events occur, such as message received, delivery confirmed, or bounce detected. Webhook payloads are signed with an HMAC signature so your server can verify authenticity. Configure webhooks per mailbox via the API.

Well-Known Endpoint

A standardized URL path for publishing agent identity and reputation data. MultiMail exposes /.well-known/multimail-identity and /.well-known/multimail-signing-key on each mailbox's domain, allowing anyone to verify an agent's operator, oversight mode, and reputation without special tooling.