Email infrastructure for GitHub Actions workflows

Route deployment notices, incident alerts, and release summaries through MultiMail's approval and identity layer — so automated CI events don't flood inboxes unchecked.


GitHub Actions workflows trigger on push, pull request, release, schedule, and dozens of other repository events. When those workflows need to send email — deployment notices, failure alerts, security scan results, release announcements — they typically use raw SMTP or a transactional service with no controls on who can send what to whom.

MultiMail gives GitHub Actions a managed email surface with oversight modes, identity verification, and per-workflow policy enforcement. A workflow step calls the MultiMail REST API directly using a stored secret. The API handles delivery, logging, and — if configured — human approval before any message leaves your domain.

CI pipelines can generate email volume fast. A failed deployment that retries five times produces five alert emails. MultiMail's `gated_send` mode lets you require a human to approve before batches of automated messages go out, while `monitored` mode delivers immediately but logs every send for audit. You pick the tradeoff per workflow, not globally.

Built for GitHub Actions developers

Approval gates on CI-triggered sends

Set a workflow's mailbox to `gated_send` or `gated_all` and no message leaves until a human approves it via the MultiMail dashboard or API. Stops alert storms and accidental mass-sends before they reach recipients.

Auditable send log for every workflow run

Every email sent through MultiMail is recorded with the sending identity, timestamp, recipient, and approval status. You can correlate email sends back to specific workflow runs using custom headers or subject prefixes.

Per-mailbox identity enforcement

Each workflow can send from a dedicated mailbox — `[email protected]` or your own domain — so recipients can distinguish deployment notices from incident alerts from release announcements by sender alone.

No SMTP credentials in CI secrets

MultiMail uses Bearer token auth (`MM_API_KEY` stored as a GitHub Actions secret). No SMTP host, port, username, or password to rotate. Tokens can be scoped per mailbox and revoked without touching workflow YAML.

Rate limiting and deduplication built in

Workflows that loop or retry can easily send duplicate alerts. MultiMail enforces per-mailbox send limits and supports idempotency keys so retried workflow steps don't produce duplicate emails.

Formally verified security model

MultiMail's oversight, identity, and authorization models are proven correct in Lean 4. When your CI pipeline sends an email, the policy enforcement isn't best-effort — it's mathematically verified.


Try it with your agent

No code, no dashboard. Paste this to your AI agent — it connects MultiMail, creates an inbox, and builds the flow for you.

1. Read https://multimail.dev/llms.txt first, then connect the MultiMail MCP server to this agent. Create a free MultiMail inbox for GitHub Actions messages and set up a verified sender domain for outbound CI mail. 2. In the GitHub Actions workflow, use real Actions primitives only: workflow triggers for deployment notices, incident alerts, and release summaries; job steps to gather the event context; GitHub secrets or environment variables for credentials; and the agent’s configured MCP tool access for MultiMail. 3. Give the agent three MultiMail capabilities through the connected MCP server: check the MultiMail inbox for CI-related replies, draft replies or summaries from workflow context, and send or schedule approved email from the verified sender. 4. Send one test email from a manual workflow run that includes the repository name, workflow name, run URL, and a short “MultiMail GitHub Actions test” subject so the developer can confirm identity, formatting, and routing. 5. Run MultiMail in gated_send mode for all GitHub Actions messages. Draft deployment notices, incident alerts, and release summaries automatically, but require developer review and approval before any email is sent; do not switch to monitored or autonomous unless explicitly instructed later.

Step by step

1

Create a MultiMail account and mailbox

Sign up at multimail.dev and create a dedicated mailbox for CI notifications. Use a `@multimail.dev` address like `deploys` or a local address on your own verified domain. Set the oversight mode to `gated_send` for a safe starting point. Creating a mailbox requires an admin-scope key.

2

Store your API key as a GitHub Actions secret

In your GitHub repository, go to Settings → Secrets and variables → Actions → New repository secret. Name it `MM_API_KEY` and paste your `mm_live_...` token. For organizations, store it as an organization secret to share across multiple repositories.

3

Add a notify step to your existing workflow

Insert a send step after the job step you want to report on. Use `if: success()` or `if: failure()` to control when the notification fires. Include `github.sha`, `github.actor`, and `github.run_id` in the message body for traceability.

4

Approve or adjust the oversight mode

If using `gated_send`, log into the MultiMail dashboard to approve the first test sends and confirm the message content looks correct. Once satisfied with the format, switch the mailbox to `monitored` or `autonomous` if human approval per-send is not required for this workflow.


Common questions

Can one API key be used across multiple repositories?
Yes. Store the same `MM_API_KEY` as an organization-level secret in GitHub and reference it in any repository's workflows. However, if you want per-repository audit separation, create one mailbox per repository and use mailbox-scoped API keys so you can revoke access for a single repo without affecting others.
How do I prevent alert storms when a flaky test retries five times?
Set the mailbox to `gated_send` mode. All five alert emails will be held for approval, but only the ones a human approves will be delivered. Alternatively, pass an `idempotency_key` derived from the run ID in your send call (`POST /v1/mailboxes/{mailbox_id}/send`) — MultiMail will deduplicate sends with the same key, returning the original message on the duplicate.
Does the API call add significant latency to my workflow?
The send API call (`POST /v1/mailboxes/{mailbox_id}/send`) typically completes in under 300ms. In `gated_send` mode, the call returns 202 immediately after the message is accepted and held — it does not block until delivery. If you're calling from a script that waits for the response, add a timeout to avoid holding runner minutes unnecessarily.
Can I use this with GitHub's reusable workflows or composite actions?
Yes. Create a composite action in a shared repository that wraps the `curl` call and accepts inputs like `subject`, `body`, and `to`. Other workflows call it with `uses: yourorg/actions/notify@main` and pass their own `MM_API_KEY` secret. This lets you standardize email formatting across all repositories.
What if I need to send to different recipients depending on which branch failed?
Use GitHub Actions expression syntax to conditionally set the `to` field. For example, send failures on `main` to the oncall list and failures on feature branches to the PR author. The `github.actor` and `github.ref_name` context variables are available in any step's `env` block.
How does MultiMail handle CAN-SPAM and GDPR for automated CI emails?
CAN-SPAM applies to commercial emails, not transactional operational messages like deployment alerts sent to your own team. If you're sending release announcements to subscribers outside your organization, CAN-SPAM requires a physical address and unsubscribe mechanism; GDPR requires a lawful basis for processing recipient email addresses. MultiMail's audit log helps demonstrate processing records if required. Consult your legal team for subscriber-facing sends.

Explore more

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.