Machine-Readable AI Disclosure for Every Email Your Agent Sends

ECDSA P-256 signed identity headers that let any recipient programmatically verify an email was AI-generated, who operated the agent, and what oversight was in place.

The problem

Why this matters

Regulators worldwide are mandating AI disclosure in communications, but there is no standard way to make that disclosure machine-readable. A footer saying "This email was sent by AI" is easy for humans to read but impossible for downstream systems to parse reliably. Email providers, compliance tools, and receiving agents need a structured, cryptographically verifiable signal — not a line of prose buried in the body. Without a machine-readable header, organizations cannot build automated AI-email filtering, cannot prove disclosure compliance to auditors, and cannot verify that a disclosure claim is authentic rather than spoofed.

The solution

How MultiMail solves this

MultiMail attaches two headers to every AI-sent email. X-AI-Generated: true is an unsigned convenience header for simple filtering. X-MultiMail-Identity is the real payload: an ECDSA P-256 signed, base64url-encoded JSON claim containing ai_generated, operator, oversight mode, capabilities, reputation hash, and timestamps. Anyone can verify the signature against the public key published at /.well-known/multimail-signing-key. Unlike DKIM — which cannot sign custom headers via Postmark and breaks on forwarding — the MultiMail identity claim is independently verifiable, carries richer metadata, and survives DKIM breakage. The ai_disclosure mailbox setting defaults to true and can be disabled for human-operated mailboxes.

1

Agent Sends Email via MultiMail API

Your AI agent calls the /v1/send endpoint. MultiMail checks the mailbox's ai_disclosure setting (default: true). If enabled, the system prepares the identity claim.

2

Identity Claim is Constructed

MultiMail builds a JSON payload with ai_generated, operator, oversight mode, capabilities, verified_operator status, service identifier, creation timestamp (iat), and a reputation_hash. Keys are sorted for canonical JSON serialization to ensure deterministic signing.

3

Payload is Signed with ECDSA P-256

The canonical JSON is signed with MultiMail's ECDSA P-256 private key. The signature and payload are base64url-encoded and attached as the X-MultiMail-Identity header. A plain X-AI-Generated: true header is also added.

4

Body Disclosure Block is Appended

A human-readable sig block — including 'This email was sent by an AI agent.' — is appended to the email body, satisfying text-based disclosure requirements alongside the machine-readable header.

5

Recipient Verifies the Claim

Any recipient or intermediate system fetches the public key from multimail.dev/.well-known/multimail-signing-key, decodes the base64url header, and verifies the ECDSA signature. The verification page at multimail.dev/verify provides a browser-based tool for manual checks.

Code examples

Implementation

Send an Email with AI Disclosure
python
import requests
import json
import base64

API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}

"cm"># Send — disclosure headers are added automatically
resp = requests.post(
    f"{API}/send",
    headers=HEADERS,
    json={
        "from": "[email protected]",
        "to": "[email protected]",
        "subject": "Q1 Report Summary",
        "text_body": "Here is your Q1 report summary..."
    }
)
message_id = resp.json()["message_id"]
print(f"Sent with AI disclosure: {message_id}")

"cm"># Later: read received email and decode the identity header
resp = requests.get(
    f"{API}/inbox",
    headers=HEADERS,
    params={"mailbox": "[email protected]", "limit": 1}
)
email = resp.json()["emails"][0]
identity_header = email["headers"].get("X-MultiMail-Identity", "")

if identity_header:
    "cm"># Decode the base64url payload (before signature verification)
    parts = identity_header.split(".")
    payload_bytes = base64.urlsafe_b64decode(parts[0] + "==")
    claim = json.loads(payload_bytes)
    print(f"AI generated: {claim[&"cm">#039;ai_generated']}")
    print(f"Operator: {claim[&"cm">#039;operator']}")
    print(f"Oversight: {claim[&"cm">#039;oversight']}")

Send an email via the MultiMail API. AI disclosure headers are attached automatically when ai_disclosure is enabled on the mailbox.

Verify Identity Signature in TypeScript
typescript
async function verifyIdentityHeader(
  header: string
): Promise<{ valid: boolean; claim: Record<string, unknown> | null }> {
  "cm">// Header format: base64url(payload).base64url(signature)
  const [payloadB64, signatureB64] = header.split(".");
  if (!payloadB64 || !signatureB64) {
    return { valid: false, claim: null };
  }

  "cm">// Fetch the public key
  const keyResp = await fetch(
    "https://multimail.dev/.well-known/multimail-signing-key"
  );
  const jwk = await keyResp.json();

  const publicKey = await crypto.subtle.importKey(
    "jwk",
    jwk,
    { name: "ECDSA", namedCurve: "P-256" },
    false,
    ["verify"]
  );

  "cm">// Decode base64url
  const payloadBytes = Uint8Array.from(
    atob(payloadB64.replace(/-/g, "+").replace(/_/g, "/")),
    (c) => c.charCodeAt(0)
  );
  const signatureBytes = Uint8Array.from(
    atob(signatureB64.replace(/-/g, "+").replace(/_/g, "/")),
    (c) => c.charCodeAt(0)
  );

  "cm">// Verify ECDSA P-256 signature
  const valid = await crypto.subtle.verify(
    { name: "ECDSA", hash: "SHA-256" },
    publicKey,
    signatureBytes,
    payloadBytes
  );

  const claim = valid
    ? JSON.parse(new TextDecoder().decode(payloadBytes))
    : null;

  return { valid, claim };
}

Fetch the public key and cryptographically verify the X-MultiMail-Identity header using Web Crypto API.

Fetch Public Key and Decode Header via CLI
bash
"cm"># Fetch the public signing key
curl -s https://multimail.dev/.well-known/multimail-signing-key | jq .

"cm"># Decode an X-MultiMail-Identity header payload
"cm"># (replace HEADER_VALUE with the actual base64url string before the dot)
HEADER="eyJhaV9nZW5lcmF0ZWQiOnRydWUsIm9wZXJhdG9yIjoiYWNtZS1jb3JwIn0"
echo "$HEADER" | tr &"cm">#039;_-' '/+' | base64 -d | jq .

"cm"># Full pipeline: fetch an email and extract the identity claim
curl -s -H "Authorization: Bearer mm_live_xxx" \
  "https://api.multimail.dev/v1/[email protected]&limit=1" \
  | jq -r &"cm">#039;.emails[0].headers["X-MultiMail-Identity"]' \
  | cut -d. -f1 \
  | tr &"cm">#039;_-' '/+' \
  | base64 -d \
  | jq .

Use curl and base64 to fetch the signing key and inspect a disclosure header from the command line.

Example Decoded Identity Claim
json
{
  "ai_generated": true,
  "capabilities": ["send", "reply", "read"],
  "created": "2026-03-15T09:30:00Z",
  "iat": 1773750600,
  "operator": "acme-corp",
  "oversight": "gated_send",
  "reputation_hash": "sha256:a1b2c3d4e5f6...truncated",
  "service": "multimail",
  "verified_operator": true
}

The full JSON payload contained in an X-MultiMail-Identity header after base64url decoding.

Benefits

What you get

Cryptographically Verifiable Disclosure

ECDSA P-256 signatures let any recipient prove an email was AI-generated without trusting the sender. The public key at /.well-known/multimail-signing-key makes verification independent of MultiMail's API.

Survives DKIM Breakage

DKIM via Postmark only signs From, Date, Subject, MIME-Version, Content-Type, Content-Transfer-Encoding, To, and Message-ID — it cannot sign custom headers. The MultiMail identity claim is self-contained and verifiable even when DKIM breaks on forwarding.

Richer Metadata Than Plain Headers

Beyond a boolean ai_generated flag, the signed claim includes the operator identity, oversight mode, agent capabilities, reputation hash, and timestamps — everything a receiving system needs for policy decisions.

Formally Verified Tamper Evidence

MultiMail's Lean 4 formal proofs include the tamper_evident_ai_generated theorem, which proves that modifying the ai_generated field invalidates the signature. This is not just tested — it is mathematically proven.

Opt-Out for Human Mailboxes

The ai_disclosure mailbox setting defaults to true. Mailboxes operated by humans can disable it, ensuring headers are only attached when the email is genuinely AI-generated.

Oversight

Recommended oversight mode

Recommended
monitored
AI disclosure headers are attached automatically by the system and do not alter email content. The disclosure is a factual, cryptographic assertion — not a creative decision. Monitored mode lets the human review the audit log without blocking every send, since the header content is deterministic and cannot misrepresent the sender.
FAQ

Common questions

Can a sender fake the X-AI-Generated header?
The unsigned X-AI-Generated: true header is a convenience signal and can be spoofed. That is why the X-MultiMail-Identity header exists: it is ECDSA P-256 signed, and the signature can only be produced by MultiMail's private key. Verify the signature against the public key at multimail.dev/.well-known/multimail-signing-key to confirm authenticity.
Why not rely on DKIM to authenticate the disclosure?
Postmark's DKIM implementation signs only a fixed set of standard headers (From, Date, Subject, MIME-Version, Content-Type, Content-Transfer-Encoding, To, Message-ID). Custom headers like X-MultiMail-Identity are not covered. Additionally, DKIM signatures break on forwarding. The ECDSA identity claim is independently verifiable regardless of DKIM status.
What does the reputation_hash field contain?
The reputation_hash is a SHA-256 hash of the sending mailbox's reputation metrics at send time. It lets a verifier confirm that the reputation data has not been altered after the fact, without exposing the raw reputation scores in the header.
How do I disable AI disclosure for a human-operated mailbox?
Set ai_disclosure to false in the mailbox configuration via the API or MCP configure_mailbox tool. This prevents the X-AI-Generated and X-MultiMail-Identity headers from being attached to emails sent from that mailbox.
What is canonical JSON serialization and why does it matter?
Canonical JSON means the keys are sorted alphabetically and serialized deterministically before signing. This ensures the same claim always produces the same byte sequence, so the ECDSA signature is reproducible and verifiable. Without canonical serialization, key ordering differences would produce different signatures for identical claims.
Does this satisfy EU AI Act email disclosure requirements?
The EU AI Act requires that AI-generated content be disclosed to recipients. MultiMail provides both human-readable disclosure (body sig block) and machine-readable disclosure (signed header). Together they satisfy the requirement for clear and conspicuous AI labeling. See the EU AI Act compliance use case for full regulatory detail.
What does the Lean 4 tamper_evident_ai_generated proof guarantee?
The formal proof mathematically demonstrates that any modification to the ai_generated field in the identity claim will cause signature verification to fail. This is stronger than test coverage — it holds for all possible inputs, not just tested cases.
How do MultiMail's identity headers relate to NIST agent identity standards?
NIST's AI Agent Standards Initiative identifies four requirements for agent identity infrastructure: federated, cryptographically verifiable, domain-anchored, and already deployed. MultiMail's X-MultiMail-Identity header satisfies all four — it's ECDSA P-256 signed (cryptographic), tied to the sender's domain (domain-anchored), verifiable via a public /.well-known/ endpoint (federated), and live in production today (deployed). Email authentication is the only existing system meeting all four NIST criteria simultaneously.
Related

Explore more use cases

Compliance Notifications

legal

View guide →

EU AI Act Article 50 Email Compliance

legal

View guide →

State AI Disclosure Law Compliance

legal

View guide →

Agent Identity Standards (NIST)

legal

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 38-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing