ECDSA P-256 signed identity headers that let any recipient programmatically verify an email was AI-generated, who operated the agent, and what oversight was in place.
Regulators worldwide are mandating AI disclosure in communications, but there is no standard way to make that disclosure machine-readable. A footer saying "This email was sent by AI" is easy for humans to read but impossible for downstream systems to parse reliably. Email providers, compliance tools, and receiving agents need a structured, cryptographically verifiable signal — not a line of prose buried in the body. Without a machine-readable header, organizations cannot build automated AI-email filtering, cannot prove disclosure compliance to auditors, and cannot verify that a disclosure claim is authentic rather than spoofed.
MultiMail attaches two headers to every AI-sent email. X-AI-Generated: true is an unsigned convenience header for simple filtering. X-MultiMail-Identity is the real payload: an ECDSA P-256 signed, base64url-encoded JSON claim containing ai_generated, operator, oversight mode, capabilities, reputation hash, and timestamps. Anyone can verify the signature against the public key published at /.well-known/multimail-signing-key. Unlike DKIM — which cannot sign custom headers and breaks on forwarding — the MultiMail identity claim is independently verifiable, carries richer metadata, and survives DKIM breakage. AI disclosure is gateway-enforced per mailbox: the ai_disclosure setting is locked on and cannot be disabled, so every agent-originated message carries the disclosure.
Your AI agent calls POST /v1/mailboxes/{mailbox_id}/send. AI disclosure is gateway-enforced — the mailbox's ai_disclosure setting is locked on — so MultiMail always prepares the identity claim for agent-originated mail.
MultiMail builds a JSON payload with ai_generated, operator, oversight mode, capabilities, verified_operator status, service identifier, creation timestamp (iat), and a reputation_hash. Keys are sorted for canonical JSON serialization to ensure deterministic signing.
The canonical JSON is signed with MultiMail's ECDSA P-256 private key. The signature and payload are base64url-encoded and attached as the X-MultiMail-Identity header. A plain X-AI-Generated: true header is also added.
A human-readable sig block — including 'This email was sent by an AI agent.' — is appended to the email body, satisfying text-based disclosure requirements alongside the machine-readable header.
Any recipient or intermediate system fetches the public key from multimail.dev/.well-known/multimail-signing-key, decodes the base64url header, and verifies the ECDSA signature. The verification page at multimail.dev/verify provides a browser-based tool for manual checks.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
ECDSA P-256 signatures let any recipient prove an email was AI-generated without trusting the sender. The public key at /.well-known/multimail-signing-key makes verification independent of MultiMail's API.
DKIM only signs From, Date, Subject, MIME-Version, Content-Type, Content-Transfer-Encoding, To, and Message-ID — it cannot sign custom headers. The MultiMail identity claim is self-contained and verifiable even when DKIM breaks on forwarding.
Beyond a boolean ai_generated flag, the signed claim includes the operator identity, oversight mode, agent capabilities, reputation hash, and timestamps — everything a receiving system needs for policy decisions.
MultiMail's Lean 4 formal proofs include the tamper_evident_ai_generated theorem, which proves that modifying the ai_generated field invalidates the signature. This is not just tested — it is mathematically proven.
AI disclosure is gateway-enforced: the ai_disclosure setting is locked on per mailbox and cannot be disabled. A recipient can trust that the absence of the X-AI-Generated header and signed disclosure means the message was not sent as agent-originated mail through MultiMail — disclosure is never quietly turned off.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.