Both platforms route email for AI agents. MultiMail adds an ECDSA-signed identity claim, formally verified oversight proofs, and pre-send domain intelligence that AgentMail doesn't offer.
AgentMail gives AI agents an inbox and a send endpoint. That's enough for a prototype. It's not enough for a production system where you need to prove which agent sent what, demonstrate regulatory compliance, or block outbound messages to high-risk domains before they leave your infrastructure. As agent deployments scale, the missing layer isn't email delivery — it's accountability. Without cryptographic identity binding, you can't audit agent actions after the fact. Without formal verification of your oversight model, you can't make compliance claims to auditors. Without pre-send domain intelligence, your agent can send to a phishing domain and you won't know until the damage is done.
MultiMail is an email API built specifically for AI agents, with the accountability layer built in from the start. Every outbound message carries an ECDSA-signed `X-MultiMail-Identity` claim that cryptographically binds the sending agent to the message — no post-hoc attribution required. The graduated oversight model (read_only → gated_all → gated_send → monitored → autonomous) is formally verified in Lean 4, so the behavioral guarantees aren't marketing claims — they're machine-checked proofs. Pre-send domain intelligence runs on every recipient address before the message leaves your account, flagging disposable addresses, newly registered domains, and known phishing infrastructure. EU AI Act compliance documentation is included for high-risk AI system operators.
Create a mailbox via `POST /v1/mailboxes` or the MCP `create_mailbox` tool. Each mailbox is bound to the operator's signing identity. When the agent sends, MultiMail automatically attaches a signed `X-MultiMail-Identity` claim — an ECDSA P-256 payload plus signature covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity (the issued-at timestamp is a field inside the signed claim). The signing public key is served from `GET https://api.multimail.dev/.well-known/multimail-signing-key`, so any recipient can verify it.
Before any outbound message is queued, MultiMail runs a pre-send check on the recipient domain. Disposable email providers, domains with no valid MX, and domains with poor platform reputation are caught server-side. A recipient that fails the check is blocked: the send returns a 422 with `{ error, reason, tier: "red" }` rather than a bounce after delivery, so your agent can handle it instead of damaging your sender reputation.
Set `oversight_mode: gated_send` so your agent reads and classifies inbound email autonomously but every outbound message routes to a human approval queue before delivery. Use `list_pending` to retrieve queued messages and `decide_email` to approve or cancel. Upgrade to `monitored` once you've established a baseline of agent behavior you trust.
Every approved send is logged with the agent identity signature, the approver identity, and a content hash. Use `read_email` or `get_thread` to retrieve the full signed audit trail. For EU AI Act Article 13 transparency obligations, the audit log is exportable in structured format with the formal proof reference included.
MultiMail's oversight model is proven correct in Lean 4. The proof source is published and machine-checkable. If your compliance team or an external auditor needs to verify that `gated_send` mode cannot be bypassed by a misbehaving agent, they can run `lake build` against the proof file — no trust in MultiMail's word required.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
Every outbound message carries an ECDSA-signed `X-MultiMail-Identity` claim covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Recipients and auditors can verify which agent sent a message without relying on MultiMail's logs. AgentMail has no equivalent — you get a sender address, not a verifiable identity.
MultiMail's oversight modes are proven correct in Lean 4. The behavioral guarantees — that `gated_send` cannot be bypassed, that approval decisions are recorded before delivery — are machine-checked proofs, not documentation claims. This matters when auditors ask you to demonstrate your AI system's human oversight controls.
Every outbound address is checked before the message leaves your account. Disposable providers, domains with no valid MX, and poor-reputation domains are blocked at send time with a 422, so the problem surfaces to your agent or pipeline before delivery, not after a bounce or abuse report.
For operators running high-risk AI systems under EU AI Act Article 13, MultiMail provides structured audit logs with proof references, transparency disclosures, and oversight mode documentation. AgentMail has no compliance documentation layer.
Start at `gated_send` during evaluation, move to `monitored` once you've established a behavioral baseline, and switch to `autonomous` for fully trusted agents. Each mode change is reflected in the audit log. AgentMail offers no oversight progression model.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.