Email infrastructure for Replicate-powered agents

Replicate handles model inference. MultiMail handles the email boundary — approval gates, delivery, and an audit trail for whatever your models produce.


Replicate gives agents access to hundreds of open and proprietary models through a single API. When those models generate text, images, or structured output that needs to reach a human inbox, you need a separate layer to handle delivery safely. Model output and email sending are different responsibilities with different failure modes.

MultiMail sits between Replicate's predictions and your recipients. It provides oversight modes that let you require human approval before any model-generated content leaves your system, log every send decision for compliance review, and route inbound replies back to the agent that sent the original message.

The integration is direct: call Replicate to run inference, pass the output to MultiMail's REST API or MCP server, and let MultiMail handle delivery policy. No shared SDK required — both services expose clean HTTP APIs that compose naturally in any language or agent framework.

Built for Replicate developers

Approval gates before model output reaches inboxes

Replicate predictions can produce content you wouldn't want sent without review. MultiMail's gated_send and gated_all modes hold outbound messages for human approval before delivery, regardless of how confident the model was.

Audit trail for generated content

Every send through MultiMail records the message, sender identity, recipient, and timestamp in the audit log (GET /v1/audit-log). When model-generated emails are involved, this log is the evidence trail regulators and auditors ask for under CAN-SPAM and GDPR.

Inbound replies routed back to your agent

When recipients reply to a Replicate-generated email, MultiMail webhooks notify your agent, which reads the message via GET /v1/mailboxes/{mailbox_id}/emails/{email_id}. The agent can continue the thread without polling or managing raw SMTP.

Sender identity separate from model provider

MultiMail mailboxes are owned by your account and cryptographically tied to your domain. The model that generated the content doesn't appear in email headers — your verified identity does.

Oversight mode you can tune per use case

High-stakes workflows (customer outreach, medical summaries) can require gated_all approval. Internal digest pipelines can run in monitored mode. The mode is set per mailbox, not per request.


Try it with your agent

No code, no dashboard. Paste this to your AI agent — it connects MultiMail, creates an inbox, and builds the flow for you.

1. Get MultiMail ready first. Read https://multimail.dev/llms.txt, connect the MultiMail MCP server in this agent environment, create a free inbox for this project, and set up a verified sending domain. Treat MultiMail as the email boundary for approval gates, delivery, and audit trail. 2. Wire Replicate in through Replicate's real agent integration path: connect Replicate's MCP server to this same agent so you can search models, create predictions, and fetch prediction results through MCP tools. Use Replicate only for model inference; do not make Replicate responsible for sending email. 3. Add three email capabilities to the agent using the MultiMail MCP tools: inbox-check to inspect new messages in the project inbox, draft-reply to compose a response using Replicate model output, and send to compose, send, or schedule email through MultiMail. Do not invent any MultiMail API paths, headers, webhooks, or delivery infrastructure. 4. Send a test email from the verified sending domain to my own address. The message should say this is a MultiMail plus Replicate smoke test, include the project inbox address, and confirm that Replicate handled model inference while MultiMail handled the email boundary. 5. Run the whole workflow in gated_send oversight mode. Before any email is sent or scheduled, show me the recipient, subject, body, and reason for sending, then wait for my explicit approval.

Step by step

1

Get a MultiMail API key and create a mailbox

Sign up at multimail.dev, create a mailbox (custom domain or @multimail.dev subdomain), and copy your API key from the dashboard. Set the mailbox oversight mode to gated_send for initial testing — this lets you inspect outbound messages before they deliver.

2

Install the Replicate client and set up credentials

Install the Replicate JavaScript or Python client and export your Replicate API token. You'll authenticate to both services independently — MultiMail via Bearer token, Replicate via its own token header.

3

Run a prediction and send the output

Make a Replicate prediction call, wait for the result, then post it to MultiMail's POST /v1/mailboxes/{mailbox_id}/send endpoint. Start with a text generation model so you can inspect the full round trip before adding multimodal steps.

4

Approve the pending message and verify delivery

Because the mailbox is in gated_send mode, the message is queued. Use GET /v1/oversight/pending to see it, then POST /v1/oversight/decide to approve. Check your inbox to confirm delivery.

5

Wire up inbound webhooks for reply handling

Configure a webhook endpoint in the MultiMail dashboard pointing to your agent server. When a recipient replies, MultiMail POSTs the event to your endpoint. Read the message via GET /v1/mailboxes/{mailbox_id}/emails/{email_id} and feed the body back to Replicate for a follow-up prediction.


Common questions

Do I need a MultiMail SDK to use it with Replicate?
No. MultiMail exposes a REST API that works with any HTTP client. Both Replicate and MultiMail are API-first services, so you compose them with fetch calls or your language's HTTP library. There is no required SDK on either side.
How do I prevent Replicate models from generating content I don't want sent?
Use MultiMail's gated_all or gated_send oversight mode. The message is held in a pending queue before delivery, giving a human the chance to review and reject it. You can also call POST /v1/oversight/decide programmatically from a content moderation step that runs after the Replicate prediction returns.
Can I include Replicate-generated images in emails sent through MultiMail?
Yes. If Replicate returns an image URL (common with image generation models), reference it in the markdown body, or download the image and attach it via the attachments field on send — each attachment is {name, content_base64, content_type}. MultiMail handles delivery; the original image hosting stays on Replicate's CDN or your own storage.
How does MultiMail handle rate limits or delivery failures?
MultiMail queues messages internally and retries transient delivery failures. You receive webhook events for email.delivered and email.bounced. For bounces, reading the message (GET /v1/mailboxes/{mailbox_id}/emails/{email_id}) returns its current status so your agent can decide whether to retry or escalate.
Is there a way to tag or categorize emails by which Replicate model generated them?
Yes. After sending, set tags on the message with PUT /v1/mailboxes/{mailbox_id}/emails/{email_id}/tags — pass a tags object like {"model": "llama-3-8b", "pipeline": "v2"}. Tags make it easy to filter the inbox and audit log by model or pipeline.
Does using Replicate affect my GDPR or CAN-SPAM compliance posture for outbound email?
Replicate is a model inference provider — it processes your prompt and returns output. Email compliance obligations (sender identification, opt-out mechanisms under CAN-SPAM, data subject rights under GDPR) apply to your sending infrastructure, which is MultiMail. MultiMail logs sender identity, recipient, and timestamps per message. You are responsible for ensuring prompts sent to Replicate don't include personal data you're not authorized to process, and that the generated content meets your jurisdiction's disclosure requirements for automated communications.

Explore more

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.