Automate candidate communications at scale while keeping a human in the loop on every send — required for EEOC, FCRA, and GDPR compliance.
Recruiting teams send thousands of emails per open role: sourcing outreach, screening follow-ups, interview confirmations, rejection notices, offer letters, and onboarding packets. Most of this volume is templated, repetitive work that coordinators spend hours on each week. AI agents can handle the full sequence — but candidate-facing communication sits at the intersection of employment law, privacy regulation, and employer brand. A miscommunication in a rejection notice can create EEOC exposure. A background check adverse action notice sent without the required disclosures violates FCRA. An outreach email sent to a candidate in the EU without documented consent violates GDPR. MultiMail is built for exactly this risk profile: agents that do the drafting and sequencing work, with a human reviewing and approving every outbound message before delivery.
AI-generated rejection emails can inadvertently include language that implies age, gender, or background-based screening — creating EEOC liability. Templated rejections sent without review have no mechanism to catch this before it reaches candidates.
When a background check result triggers a rejection, FCRA requires a specific two-step adverse action process: pre-adverse notice, waiting period, then final adverse action. Automating this sequence without per-send human review makes it easy to collapse the required timing or omit mandatory disclosures.
Sourcing candidates in GDPR-regulated jurisdictions requires documented lawful basis before the first email. Cold outreach to EU candidates without consent tracking creates data protection exposure. Rejection and deletion workflows must also honor right-to-erasure requests within statutory timescales.
Offer letters are legally significant documents. Recruiting teams need to prove delivery timing, confirm the correct version was sent, and in some cases record acceptance. Email systems without delivery receipts and immutable audit logs cannot satisfy this requirement.
Scheduling coordination across multiple candidates and interviewers involves high-frequency email at low business value — exactly the task agents should own. But errors here (wrong time, wrong link, wrong interviewer name) damage candidate experience and can cascade into missed SLAs on time-to-fill metrics.
Set oversight_mode to gated_send on your recruiting mailboxes. Agents draft rejection notices, offer letters, and scheduling confirmations autonomously. Each message is queued for recruiter review via list_pending before delivery — the agent never sends directly. Recruiters approve, edit, or cancel from the approval queue without touching the drafting workflow.
For internal-only scheduling emails where the risk profile is lower — confirmations to candidates who have already accepted, calendar invites, Zoom links — agents can operate in monitored mode. Coordinators receive notifications of every send but don't need to approve each one, reducing overhead while keeping a visible audit trail.
Use read_only mailboxes for agents that monitor inbound candidate replies — detecting acceptance, declination, or questions — and route accordingly without the ability to respond. This lets you deploy inbox intelligence before you are ready to give agents send access, with zero risk of accidental outbound sends.
For the highest-risk sends — offer letters, FCRA pre-adverse and adverse action notices — set gated_all to require explicit human approval on every action, including reads of sensitive inbound responses. This creates a documented approval record for every step of the workflow, which is directly useful in employment disputes or regulatory audits.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
| Regulation | Requirement | How MultiMail helps |
|---|---|---|
| EEOC | Candidate communications must be free of language that implies discriminatory screening based on protected characteristics including age, race, gender, national origin, disability, or religion. | gated_send oversight routes all AI-generated candidate emails through human review before delivery. Recruiters can edit or reject any draft that contains problematic language. The approval queue maintains a record of what was reviewed, who approved it, and when — creating an audit trail if a hiring decision is later challenged. |
| FCRA | When a consumer report (background check) contributes to an adverse employment decision, employers must send a pre-adverse action notice, wait at least five business days, then send a final adverse action notice with specific required disclosures. | Using gated_all oversight, agents can draft both the pre-adverse and final adverse notices and queue them for HR review before sending. The metadata field on each message records notice type and timing, making it straightforward to verify the required waiting period elapsed between the two sends. |
| GDPR | Contacting candidates in EU/EEA jurisdictions requires a documented lawful basis. Candidate data must not be retained longer than necessary, and individuals have the right to request erasure of their personal data from your systems. | Mailboxes can be segmented by region, and per-mailbox oversight modes let you apply stricter review to EU candidate outreach. Inbound deletion requests can be routed via webhook to trigger automated data removal workflows. Tag and metadata fields support tracking consent status and lawful basis per candidate. |
| State Employment Laws | Several US states (California, New York, Illinois) have specific restrictions on automated employment decisions, salary history inquiries, and required disclosures in job postings and offer letters. Some require human review of AI-assisted hiring decisions. | The gated_send and gated_all oversight modes directly satisfy requirements for human review of automated hiring communications. Every send is tied to an approval record with timestamp and approver identity, which can be exported for compliance audits or in response to state agency investigations. |
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.