AgentMail does email. MultiMail proves it was your agent.

Both platforms route email for AI agents. MultiMail adds an ECDSA-signed identity claim, formally verified oversight proofs, and pre-send domain intelligence that AgentMail doesn't offer.


Why this matters

AgentMail gives AI agents an inbox and a send endpoint. That's enough for a prototype. It's not enough for a production system where you need to prove which agent sent what, demonstrate regulatory compliance, or block outbound messages to high-risk domains before they leave your infrastructure. As agent deployments scale, the missing layer isn't email delivery — it's accountability. Without cryptographic identity binding, you can't audit agent actions after the fact. Without formal verification of your oversight model, you can't make compliance claims to auditors. Without pre-send domain intelligence, your agent can send to a phishing domain and you won't know until the damage is done.


How MultiMail solves this

MultiMail is an email API built specifically for AI agents, with the accountability layer built in from the start. Every outbound message carries an ECDSA-signed `X-MultiMail-Identity` claim that cryptographically binds the sending agent to the message — no post-hoc attribution required. The graduated oversight model (read_only → gated_all → gated_send → monitored → autonomous) is formally verified in Lean 4, so the behavioral guarantees aren't marketing claims — they're machine-checked proofs. Pre-send domain intelligence runs on every recipient address before the message leaves your account, flagging disposable addresses, newly registered domains, and known phishing infrastructure. EU AI Act compliance documentation is included for high-risk AI system operators.

1

Issue a mailbox with identity binding

Create a mailbox via `POST /v1/mailboxes` or the MCP `create_mailbox` tool. Each mailbox is bound to the operator's signing identity. When the agent sends, MultiMail automatically attaches a signed `X-MultiMail-Identity` claim — an ECDSA P-256 payload plus signature covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity (the issued-at timestamp is a field inside the signed claim). The signing public key is served from `GET https://api.multimail.dev/.well-known/multimail-signing-key`, so any recipient can verify it.

2

Run pre-send domain intelligence

Before any outbound message is queued, MultiMail runs a pre-send check on the recipient domain. Disposable email providers, domains with no valid MX, and domains with poor platform reputation are caught server-side. A recipient that fails the check is blocked: the send returns a 422 with `{ error, reason, tier: "red" }` rather than a bounce after delivery, so your agent can handle it instead of damaging your sender reputation.

3

Apply graduated oversight

Set `oversight_mode: gated_send` so your agent reads and classifies inbound email autonomously but every outbound message routes to a human approval queue before delivery. Use `list_pending` to retrieve queued messages and `decide_email` to approve or cancel. Upgrade to `monitored` once you've established a baseline of agent behavior you trust.

4

Audit with cryptographic receipts

Every approved send is logged with the agent identity signature, the approver identity, and a content hash. Use `read_email` or `get_thread` to retrieve the full signed audit trail. For EU AI Act Article 13 transparency obligations, the audit log is exportable in structured format with the formal proof reference included.

5

Verify oversight proofs independently

MultiMail's oversight model is proven correct in Lean 4. The proof source is published and machine-checkable. If your compliance team or an external auditor needs to verify that `gated_send` mode cannot be bypassed by a misbehaving agent, they can run `lake build` against the proof file — no trust in MultiMail's word required.


Try it with your agent

Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.

1. Get MultiMail ready: read https://multimail.dev/llms.txt, connect the MCP server, create a free inbox, and set up a verified sender. 2. In the OpenAI Agents SDK, register MultiMail email actions as agent tools and trigger them through normal function/tool calling when the agent determines that an outbound email is required. 3. Replace any prototype AgentMail send step with a production email workflow: classify the message purpose, draft the email from approved brand voice and policy context, check recipients for customer, auditor, partner, or high-risk domain handling, and prepare a short audit note explaining why this agent is allowed to send. 4. Run all outbound mail in gated_send mode so drafts can be prepared automatically but cannot leave until approved; schedule follow-ups only after the first approved send establishes the cadence. 5. Ask me only for OpenAI access, the brand sending domain, approved sender name, and the final go-live approval credentials.

What you get

Cryptographic agent identity on every message

Every outbound message carries an ECDSA-signed `X-MultiMail-Identity` claim covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Recipients and auditors can verify which agent sent a message without relying on MultiMail's logs. AgentMail has no equivalent — you get a sender address, not a verifiable identity.

Formally verified oversight model

MultiMail's oversight modes are proven correct in Lean 4. The behavioral guarantees — that `gated_send` cannot be bypassed, that approval decisions are recorded before delivery — are machine-checked proofs, not documentation claims. This matters when auditors ask you to demonstrate your AI system's human oversight controls.

Pre-send domain intelligence

Every outbound address is checked before the message leaves your account. Disposable providers, domains with no valid MX, and poor-reputation domains are blocked at send time with a 422, so the problem surfaces to your agent or pipeline before delivery, not after a bounce or abuse report.

EU AI Act compliance documentation

For operators running high-risk AI systems under EU AI Act Article 13, MultiMail provides structured audit logs with proof references, transparency disclosures, and oversight mode documentation. AgentMail has no compliance documentation layer.

Graduated oversight that matches agent maturity

Start at `gated_send` during evaluation, move to `monitored` once you've established a behavioral baseline, and switch to `autonomous` for fully trusted agents. Each mode change is reflected in the audit log. AgentMail offers no oversight progression model.


Recommended oversight mode

Recommended
gated_send
When migrating from AgentMail or evaluating MultiMail alongside it, start at gated_send. This lets your agent read and classify inbound email autonomously — no interruptions for routine operations — while every outbound message goes through human review before delivery. You accumulate a signed audit trail during the evaluation period, which establishes the behavioral baseline needed to justify moving to monitored or autonomous later. For EU AI Act high-risk deployments, gated_send satisfies Article 14 human oversight requirements without requiring fully manual operation.

Common questions

Can I migrate existing AgentMail mailboxes to MultiMail?
Yes. Provision equivalent mailboxes via `create_mailbox` using the same addresses (if you own the domain) or new `@multimail.dev` addresses. Inbound routing is updated via MX record change. Existing message history in AgentMail is not migrated — MultiMail starts a fresh audit trail from your first message.
What does the X-MultiMail-Identity header contain?
It is an ECDSA P-256 signed claim — a base64url payload plus a base64url signature — covering the oversight mode, capabilities, the AI-generated flag, and the operator plus mailbox identity (the issued-at timestamp is a field inside the payload, not a separate header). The signing public key is served from `https://api.multimail.dev/.well-known/multimail-signing-key`. There is no identity-lookup API — the claim is self-contained in the message, so recipients can verify it (or use the hosted verifier at `https://multimail.dev/verify#<header-value>`) without any MultiMail account or SDK.
How does the Lean 4 formal proof work in practice?
MultiMail's oversight model is encoded as propositions in Lean 4 — for example, that no message with `oversight_mode=gated_send` can reach a delivery queue without a corresponding approval record. The proof source is published. Run `lake build` to verify the proofs independently. CI re-checks them on every push to the MultiMail codebase.
What domain intelligence signals does MultiMail check before send?
The pre-send check evaluates recipients on disposable email provider lists, MX record validity, and platform reputation for the recipient domain. The check runs synchronously before the message is queued; a recipient that fails is blocked with a 422 carrying a reason and risk tier, rather than returning a numeric score for the agent to weigh.
Does MultiMail support the same MCP tool names as AgentMail?
MultiMail's MCP server exposes 51 tools including `send_email`, `check_inbox`, `read_email`, `reply_email`, `get_thread`, `list_pending`, `decide_email`, and `create_mailbox`. AgentMail's MCP tool surface is smaller. MultiMail tool names are documented at https://api.multimail.dev and are stable across versions.
What EU AI Act obligations does MultiMail help satisfy?
MultiMail's audit log with agent identity signatures and oversight decision records supports Article 13 (transparency) and Article 14 (human oversight) obligations. The formal proofs provide documented evidence that oversight controls cannot be bypassed by the AI system. MultiMail does not itself constitute an EU AI Act conformity assessment — that remains the operator's responsibility.
Is there a free tier to evaluate MultiMail before committing?
Yes. The Starter plan is free and includes 2 mailboxes and 200 emails per month — enough to run a parallel evaluation against your existing AgentMail setup. Use `mm_test_...` keys against the same API surface to validate integration before switching production traffic.

Explore more use cases

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.