Graduated oversight controls, ECDSA-signed provenance headers, and timestamped audit trails give underwriters the evidence they need to write coverage for your AI agent email operations.
Insurance underwriting has materially retreated from unauditable AI agent risk. Verisk's January 2026 AI exclusion language now appears in 82% of global P&C policy templates, and carriers including AIG and WR Berkley have filed broader AI exclusions. The core problem is what the industry calls Independent Action Risk: autonomous agent harm that falls between operator E&O coverage and vendor product liability, creating a liability void where agents can cause harm that no existing policy covers. Gartner predicts 40% of agentic AI projects will be abandoned or restructured by 2027 due to unchecked liability exposures. For enterprises deploying AI agents that send email, this means every outbound message is an uninsured liability event unless the sending platform provides the graduated controls, provenance evidence, and audit infrastructure that underwriters require to price the risk.
MultiMail closes the insurability gap with architecture purpose-built for underwriter scrutiny. Five oversight modes (read_only, gated_all, gated_send, monitored, autonomous) provide graduated control evidence that maps directly to risk tiers. Gated-send mode creates a human-in-the-loop approval audit trail for every outbound message. X-MultiMail-Identity ECDSA-signed headers provide cryptographic provenance proof — who sent a message, under what oversight mode, and when. Per-mailbox reputation tracking (bounce rate, complaint rate) delivers continuous risk metrics. And every send, approval, and rejection is timestamped in an audit log that serves as claims investigation support. Together, these capabilities give underwriters the evidence trail they need to write coverage rather than exclude the risk.
Set each mailbox to gated_send mode, which requires human approval before any AI-composed email is delivered. This creates the human-in-the-loop control that underwriters require to classify agent email as supervised rather than autonomous.
Your AI agent composes and submits emails through the MultiMail API or MCP tools. Messages enter the approval queue rather than sending immediately, and each submission is logged with a timestamp and agent identity.
A human reviewer approves or rejects each pending message. Both outcomes are recorded in the audit log with the reviewer identity, timestamp, and decision rationale — creating the approval chain underwriters need for claims investigation.
Every approved email includes an X-MultiMail-Identity header signed with ECDSA P-256, containing the ai_generated flag, oversight mode, operator identity, and approval metadata. This cryptographic proof is verifiable by any third party.
MultiMail tracks per-mailbox reputation metrics including bounce rate and complaint rate. These risk indicators are available via API for ongoing underwriting assessment and policy renewal evidence.
The complete audit log — every send, approval, rejection, and delivery event — is exportable for claims investigation, regulatory examination, or policy renewal documentation.
import requests
from datetime import datetime, timedelta
API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}
def generate_insurability_report(period_days: int = 30):
"""Generate an insurer-ready audit report for underwriting."""
mailboxes = requests.get(
f"{API}/mailboxes", headers=HEADERS
).json()["mailboxes"]
report_lines = [
"AGENT EMAIL INSURABILITY REPORT",
f"Period: last {period_days} days",
f"Generated: {datetime.utcnow().isoformat()}Z",
f"Total mailboxes: {len(mailboxes)}",
"",
"MAILBOX RISK POSTURE",
"-" * 60
]
for mb in mailboxes:
usage = requests.get(
f"{API}/usage?mailbox_id={mb[&"cm">#039;id']}",
headers=HEADERS
).json()
audit = requests.get(
f"{API}/audit-log?mailbox_id={mb[&"cm">#039;id']}&limit=1000",
headers=HEADERS
).json()
sends = [e for e in audit["entries"] if e["action"] == "send"]
approvals = [e for e in audit["entries"] if e["action"] == "approve"]
rejections = [e for e in audit["entries"] if e["action"] == "reject"]
approval_rate = (
len(approvals) / (len(approvals) + len(rejections)) * 100
if (approvals or rejections) else 0
)
report_lines.extend([
f"\nMailbox: {mb[&"cm">#039;address']}",
f" Oversight mode: {mb[&"cm">#039;oversight_mode']}",
f" AI disclosure: {&"cm">#039;enabled' if mb.get('ai_disclosure', {}).get('enabled') else 'disabled'}",
f" Sends this period: {len(sends)}",
f" Approval rate: {approval_rate:.1f}%",
f" Rejections: {len(rejections)}",
f" Bounce rate: {mb.get(&"cm">#039;reputation', {}).get('bounce_rate', 0):.2f}%",
f" Complaint rate: {mb.get(&"cm">#039;reputation', {}).get('complaint_rate', 0):.3f}%",
])
report = "\n".join(report_lines)
print(report)
return reportPull mailbox oversight modes, send volumes, and approval rates to produce an underwriting-ready risk summary across all agent-operated mailboxes.
"cm">// Underwriting risk posture assessment via MCP
interface RiskAssessment {
address: string;
oversight_mode: string;
insurable: boolean;
risk_flags: string[];
bounce_rate: number;
complaint_rate: number;
}
async function assessRiskPosture(): Promise<RiskAssessment[]> {
const mailboxes = await mcp.list_mailboxes({});
const assessments: RiskAssessment[] = [];
for (const mb of mailboxes) {
const flags: string[] = [];
"cm">// Autonomous mode = no human-in-the-loop = hard to insure
if (mb.oversight_mode === "autonomous") {
flags.push("NO_HUMAN_OVERSIGHT");
}
if (mb.oversight_mode === "monitored") {
flags.push("POST_HOC_REVIEW_ONLY");
}
if (!mb.ai_disclosure?.enabled) {
flags.push("NO_AI_DISCLOSURE");
}
if ((mb.reputation?.bounce_rate ?? 0) > 2.0) {
flags.push("ELEVATED_BOUNCE_RATE");
}
if ((mb.reputation?.complaint_rate ?? 0) > 0.1) {
flags.push("ELEVATED_COMPLAINT_RATE");
}
const insurable = flags.length === 0 && (
mb.oversight_mode === "gated_send" ||
mb.oversight_mode === "gated_all" ||
mb.oversight_mode === "read_only"
);
assessments.push({
address: mb.address,
oversight_mode: mb.oversight_mode,
insurable,
risk_flags: flags,
bounce_rate: mb.reputation?.bounce_rate ?? 0,
complaint_rate: mb.reputation?.complaint_rate ?? 0,
});
}
const uninsurable = assessments.filter(a => !a.insurable);
if (uninsurable.length > 0) {
console.log(
`${uninsurable.length} mailbox(es) have risk flags ` +
`that may prevent underwriting coverage:`
);
for (const a of uninsurable) {
console.log(` ${a.address}: ${a.risk_flags.join(", ")}`);
}
}
return assessments;
}Use MultiMail MCP tools to assess mailbox risk posture for underwriting evaluation. Flags mailboxes operating in autonomous mode or with elevated bounce/complaint rates.
import requests
API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}
def configure_insurable_mailbox(mailbox_id: str, operator: str):
"""Configure a mailbox for insurable agent operations.
Sets gated_send oversight (human approves before delivery)
and enables AI disclosure headers for provenance proof.
"""
"cm"># Set oversight mode to gated_send
response = requests.patch(
f"{API}/mailboxes/{mailbox_id}",
headers=HEADERS,
json={
"oversight_mode": "gated_send",
"ai_disclosure": {
"enabled": True,
"operator": operator,
"capabilities": ["compose", "reply"]
}
}
)
mb = response.json()
print(f"Mailbox: {mb[&"cm">#039;address']}")
print(f"Oversight mode: {mb[&"cm">#039;oversight_mode']}")
print(f"AI disclosure: enabled")
print(f"Operator: {operator}")
print()
print("Insurability controls active:")
print(" [x] Human-in-the-loop approval (gated_send)")
print(" [x] ECDSA-signed provenance headers")
print(" [x] AI-generated content disclosure")
print(" [x] Audit trail for all send/approve/reject events")
print(" [x] Per-mailbox reputation tracking")
return mb
# Configure all agent mailboxes for insurable operations
mailboxes = requests.get(
f"{API}/mailboxes", headers=HEADERS
).json()["mailboxes"]
for mb in mailboxes:
configure_insurable_mailbox(mb["id"], "Acme Corp")
print()Set up a mailbox with gated-send oversight and AI disclosure enabled, creating the minimum control evidence required for most underwriters to write coverage.
"cm">#!/bin/bash
"cm"># Export audit trail for insurance claims investigation
"cm"># Usage: ./export-claims-audit.sh <mailbox_id> <start_date> <end_date>
MAILBOX_ID="$1"
START_DATE="$2"
END_DATE="$3"
API="https://api.multimail.dev/v1"
TOKEN="mm_live_xxx"
echo "=== CLAIMS INVESTIGATION AUDIT EXPORT ==="
echo "Mailbox: $MAILBOX_ID"
echo "Window: $START_DATE to $END_DATE"
echo "Exported: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo ""
"cm"># Export mailbox configuration (oversight mode, disclosure settings)
echo "--- MAILBOX CONFIGURATION ---"
curl -s "$API/mailboxes/$MAILBOX_ID" \
-H "Authorization: Bearer $TOKEN" | jq &"cm">#039;{
address,
oversight_mode,
ai_disclosure,
reputation
}&"cm">#039;
echo ""
echo "--- AUDIT LOG ENTRIES ---"
"cm"># Fetch audit log for the incident window
curl -s "$API/audit-log?mailbox_id=$MAILBOX_ID&start=$START_DATE&end=$END_DATE&limit=5000" \
-H "Authorization: Bearer $TOKEN" | jq &"cm">#039;.entries[] | {
timestamp: .timestamp,
action: .action,
message_id: .message_id,
recipient: .recipient,
reviewer: .reviewer,
decision: .decision,
oversight_mode: .oversight_mode
}&"cm">#039;
echo ""
echo "--- SUMMARY ---"
curl -s "$API/audit-log?mailbox_id=$MAILBOX_ID&start=$START_DATE&end=$END_DATE&limit=5000" \
-H "Authorization: Bearer $TOKEN" | jq &"cm">#039;{
total_events: (.entries | length),
sends: ([.entries[] | select(.action == "send")] | length),
approvals: ([.entries[] | select(.action == "approve")] | length),
rejections: ([.entries[] | select(.action == "reject")] | length)
}&"cm">#039;Export the complete audit trail for a mailbox during a specific incident window. Produces a timestamped record of every send, approval, and rejection for claims adjusters.
AI agent harm that falls between operator E&O and vendor product liability leaves enterprises uninsured. MultiMail's oversight modes and approval trails provide the documented control evidence that lets underwriters classify agent email as supervised risk rather than excluding it entirely.
With 82% of global P&C templates now containing AI exclusion language, enterprises need proof of human oversight to negotiate exclusion carve-outs. Gated-send mode with timestamped approvals demonstrates the human-in-the-loop control that differentiates insurable operations from excluded autonomous risk.
Every outbound email carries an X-MultiMail-Identity header signed with ECDSA P-256, proving who sent the message, under what oversight mode, and when. During claims investigation, this provenance proof eliminates disputes about agent attribution and control state.
Per-mailbox reputation tracking — bounce rate, complaint rate, approval rate — provides the continuous risk metrics underwriters need for accurate pricing. Export these metrics at policy renewal to demonstrate sustained operational discipline.
Every send, approval, rejection, and delivery event is timestamped in the audit log. When a claim arises, the complete evidence trail is exportable for adjusters — no forensic reconstruction required, no gaps in the record.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 38-tool MCP server. Formally verified in Lean 4.