Email Oversight for E2B Sandboxed Agents

E2B sandboxes prevent code execution damage — MultiMail adds the email-specific safety layer that catches sends from within the sandbox.

E2B provides secure sandboxed environments (isolated micro-VMs) where AI agents execute code safely. While E2B prevents filesystem and process-level damage, sandboxed code can still make network calls to email APIs. MultiMail adds an email-specific safety layer that complements E2B's execution isolation.

With MultiMail's gated_send mode, even code running inside an E2B sandbox must have its emails approved by a human before delivery. This defense-in-depth approach means E2B handles code execution safety while MultiMail handles email delivery safety.

Integration is straightforward: install the requests library in the E2B sandbox and call the MultiMail REST API from your sandboxed code. MultiMail's oversight is enforced server-side, so the sandbox cannot bypass it.

Why MultiMail

Built for E2B developers

Defense in Depth for Email

E2B sandboxes prevent code damage but can't stop outbound API calls. MultiMail adds an email-specific gate at the API level, ensuring sandboxed code can't send unauthorized emails.

Server-Side Oversight

MultiMail's oversight is enforced on MultiMail's servers, not in the sandbox. Even if sandbox code tries to bypass client-side checks, the API refuses to deliver emails without approval in gated_send mode.

Sandbox-Friendly REST API

MultiMail's REST API works from any environment that can make HTTPS calls. No special SDKs or native dependencies needed — just standard HTTP requests from within the E2B sandbox.

Rate Limiting as a Backstop

If sandboxed code enters a loop calling the email API, MultiMail's plan-level rate limits prevent excessive sends. Combined with gated_send, this provides multiple safety layers.

Code examples

Get started in minutes

Send Email from E2B Sandbox
python
from e2b_code_interpreter import Sandbox

sandbox = Sandbox()

"cm"># Install requests in the sandbox
sandbox.commands.run("pip install requests")

"cm"># Execute email code inside the sandbox
execution = sandbox.run_code("""
import requests

MULTIMAIL_API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_your_api_key"}

# Send email — gated_send mode queues for approval
resp = requests.post(f"{MULTIMAIL_API}/send", headers=HEADERS, json={
    "mailbox_id": "your_mailbox_id",
    "to": "[email protected]",
    "subject": "Report from sandbox",
    "body": "This email was composed by an agent running in an E2B sandbox."
})

result = resp.json()
print(f"Status: {result.get(&"cm">#039;status')}")
print(f"Email queued for approval: {result.get(&"cm">#039;id')}")
""")

print(execution.text)
sandbox.kill()

Execute email-sending code inside an E2B sandbox with MultiMail oversight.

Check Inbox from Sandbox
python
from e2b_code_interpreter import Sandbox

sandbox = Sandbox()
sandbox.commands.run("pip install requests")

execution = sandbox.run_code("""
import requests
import json

MULTIMAIL_API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_your_api_key"}
MAILBOX_ID = "your_mailbox_id"

# Check inbox
resp = requests.get(
    f"{MULTIMAIL_API}/mailboxes/{MAILBOX_ID}/inbox",
    headers=HEADERS,
    params={"limit": 5}
)

inbox = resp.json()
for msg in inbox.get("messages", []):
    print(f"From: {msg[&"cm">#039;from']}")
    print(f"Subject: {msg[&"cm">#039;subject']}")
    print(f"Date: {msg[&"cm">#039;date']}")
    print("---")
""")

print(execution.text)
sandbox.kill()

Read emails from within an E2B sandbox for agent processing.

Agent-Driven Email Processing in Sandbox
python
from e2b_code_interpreter import Sandbox
from openai import OpenAI

client = OpenAI()
sandbox = Sandbox()
sandbox.commands.run("pip install requests")

"cm"># LLM generates email processing code
response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{
        "role": "system",
        "content": (
            "Generate Python code that uses the MultiMail API "
            "to check the inbox and draft replies to unread "
            "messages. API base: https://api.multimail.dev/v1, "
            "auth: Bearer mm_live_your_api_key, "
            "mailbox: your_mailbox_id. "
            "All sends use gated_send mode (queued for approval)."
        )
    }, {
        "role": "user",
        "content": "Check inbox, summarize messages, reply to urgent ones"
    }]
)

generated_code = response.choices[0].message.content

"cm"># Execute the LLM-generated code safely in E2B sandbox
"cm"># MultiMail's API-level oversight catches any email sends
execution = sandbox.run_code(generated_code)
print(execution.text)
sandbox.kill()

Let an LLM agent generate and run email processing code inside a sandboxed environment.

Getting started

Step by step

1

Create a MultiMail Account and API Key

Sign up at multimail.dev, create a mailbox, and generate an API key from your dashboard. Your key will start with mm_live_.

2

Install E2B

Install the E2B code interpreter SDK.

bash
pip install e2b-code-interpreter
3

Set Up Sandbox with Dependencies

Create an E2B sandbox and install the requests library for making MultiMail API calls.

bash
sandbox = Sandbox()
sandbox.commands.run(&"cm">#039;pip install requests')
4

Execute Email Code in Sandbox

Run code that calls the MultiMail API from within the sandbox. The API key authenticates the request, and gated_send mode ensures oversight.

5

Approve Pending Emails

Review emails queued by sandbox code in the MultiMail dashboard. Approve or reject before delivery.

FAQ

Common questions

Can sandboxed code bypass MultiMail's oversight?
No. MultiMail's oversight is enforced server-side at the API level. The sandbox code sends an HTTP request to MultiMail's servers, which check the mailbox's oversight mode before processing. Even if the sandbox code is malicious, the API will not deliver emails without human approval in gated_send mode.
Should I pass the API key into the sandbox?
For development, passing the API key directly is fine. For production, consider using a scoped API key with limited permissions. MultiMail API keys can be restricted to specific mailboxes and operations, minimizing the risk if sandbox code misuses the key.
How does E2B sandbox isolation complement MultiMail?
E2B prevents code-level damage — filesystem corruption, process abuse, resource exhaustion. MultiMail prevents email-level damage — unauthorized sends, spam, phishing. Together they provide defense in depth: the sandbox controls what code can do locally, MultiMail controls what it can send externally.
Can I use the MultiMail MCP server inside an E2B sandbox?
Yes, but the REST API is simpler for sandbox use. The MCP server requires Node.js and runs as a process, adding complexity to the sandbox setup. Direct HTTP calls to the REST API work with just the requests library and are easier to manage in ephemeral sandbox environments.
Related integrations

Explore more

TaskWeaver

coding-agent · python

View guide →

Composio

tool-use · both

View guide →

Modal

coding-agent · python

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 38-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing