Email Infrastructure with Compliance Built In, Not Bolted On

MultiMail embeds EU AI Act disclosure, GDPR consent handling, and human review evidence into every agent email — giving compliance teams a single platform layer to evaluate and approve.


Why this matters

Compliance teams are increasingly asked to sign off on AI agent email deployments without a consistent infrastructure layer to evaluate. Policy questions about disclosure, auditability, and human review land on compliance officers who must assess each deployment individually — often after the fact. The result is ad-hoc controls stitched together at the application layer: disclosure statements added manually by developers, audit trails kept in spreadsheets, review workflows running through Slack.

Three regulatory frameworks create concrete obligations for organizations deploying AI agents that generate or send email. EU AI Act Article 50(1) requires disclosure that content is AI-generated when systems interact with natural persons, unless it is obvious from context. GDPR Article 6 requires a documented lawful basis for processing personal data, and Article 21 gives individuals the right to object to direct marketing at any time. CAN-SPAM requires accurate sender identification, a functioning opt-out mechanism, and honoring opt-out requests within 10 business days.

Each of these touches the email delivery layer — and none of them can be reliably enforced by application code alone, because application code changes.


How MultiMail solves this

MultiMail moves compliance controls out of application code and into the email delivery infrastructure. Disclosure headers, human review gates, audit logs, and opt-out mechanics are configured at the mailbox level, not the application level. This means compliance officers can evaluate a deployment by reviewing its mailbox configuration rather than auditing every codebase that sends email through it.

The gated_send oversight mode is designed for compliance-sensitive deployments: agents can read and draft autonomously, but every outbound message is held for human review before delivery. Reviewers see full message content, the agent's metadata, and the compliance tags associated with the mailbox. Approval and rejection decisions are stored as immutable records with reviewer identity, timestamp, and notes — exportable for GDPR Article 30 records of processing and SOC 2 Type II evidence packages.

1. Map Applicable Regulations to Mailbox Configuration

Create a mailbox for each email program and tag it with the regulations that apply. MultiMail tracks eu-ai-act, gdpr, and can-spam compliance tags at the mailbox level. These tags drive disclosure behavior, consent checking, and unsubscribe enforcement without requiring per-message application code.

2. Enable AI Disclosure on Every Outbound Message

Set ai_disclosure at the mailbox level or per-message. MultiMail injects a disclosure statement into the message body and sets the X-AI-Generated header on every send. This provides the technical disclosure mechanism required under EU AI Act Article 50(1) for AI-generated content directed at natural persons.

3. Configure Human Review Policy for Outbound Email

Set the mailbox oversight_mode to gated_send. Every outbound message the agent queues is held in a review queue accessible via the API and the MultiMail dashboard. Compliance officers or designated reviewers approve or reject each message before delivery. The review decision, reviewer identity, and timestamp are stored as immutable audit records.

4. Audit Sample Messages Across the Review Queue

Use list_pending to retrieve held messages and read_email to inspect full message content, headers, and agent-supplied metadata. Tag reviewed messages with tag_email to record compliance status. The audit trail is queryable by date range, mailbox, tag, and reviewer identity for evidence gathering.

5. Document Controls for Internal and External Auditors

MultiMail audit log exports provide timestamped records of every send attempt, review decision, disclosure injection, and oversight mode change. These records export in structured JSON and CSV formats suitable for GDPR Article 30 records of processing activities and SOC 2 Type II evidence packages.


Implementation

Create a Compliance-Tagged Mailbox with gated_send
bash
curl -X POST https://api.multimail.dev/v1/create_mailbox \
  -H "Authorization: Bearer $MULTIMAIL_API_KEY" \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "compliance-agent",
    "domain": "multimail.dev",
    "oversight_mode": "gated_send",
    "ai_disclosure": true,
    "compliance_tags": ["eu-ai-act", "gdpr", "can-spam"]
  }'

# Response
# {
#   "mailbox_id": "mbox_01HXXX",
#   "address": "[email protected]",
#   "oversight_mode": "gated_send",
#   "ai_disclosure": true,
#   "compliance_tags": ["eu-ai-act", "gdpr", "can-spam"]
# }

Provision a mailbox with disclosure enabled, gated_send oversight, and compliance tags. Every outbound message from this mailbox will require human approval before delivery and will include an AI disclosure statement.

Send with AI Disclosure — Message Held for Review
python
import os

import multimail

# Read the API key from the environment rather than embedding it in source
client = multimail.Client(api_key=os.environ["MULTIMAIL_API_KEY"])

response = client.send_email(
    from_address="[email protected]",
    to="[email protected]",
    subject="Q2 Regulatory Reporting Summary",
    body="""Key findings for Q2:
- 3 policy exceptions flagged for review
- 2 vendor assessments pending
- 0 reportable incidents

Full report attached.""",
    ai_disclosure=True,
    metadata={
        "agent_id": "compliance-reviewer-v1",
        "regulation_context": "eu-ai-act-article-50"
    }
)

# Message is held in review queue — not delivered until approved
print(f"Status: {response.status}")          # queued_for_review
print(f"Email ID: {response.email_id}")      # email_01HXXX
print(f"Review URL: {response.review_url}")

Send an email with ai_disclosure enabled. MultiMail injects the disclosure statement and holds the message in the review queue. The agent receives a queued status, not a delivered status.

Audit the Review Queue and Record Approval Decisions
python
import os

import multimail

client = multimail.Client(api_key=os.environ["MULTIMAIL_API_KEY"])

# Retrieve all messages awaiting human review
pending = client.list_pending(
    mailbox="[email protected]"
)

for message in pending.emails:
    # Read full message content including headers
    full_message = client.read_email(email_id=message.email_id)

    print(f"Subject: {full_message.subject}")
    print(f"To: {full_message.to}")
    print(f"AI disclosure injected: {full_message.ai_disclosure_present}")
    print(f"X-AI-Generated header: {full_message.headers.get('X-AI-Generated')}")

    # Compliance officer records decision
    decision = client.decide_email(
        email_id=message.email_id,
        decision="approve",  # or "reject"
        reviewer_note="Reviewed for GDPR lawful basis and CAN-SPAM compliance. Approved."
    )

    print(f"Decision: {decision.decision} logged at {decision.logged_at}")
    print(f"Reviewer: {decision.reviewer_id}")

Fetch all pending messages, inspect full content including injected disclosure, and record an approve or reject decision. Each decision is stored with reviewer identity and timestamp.

Tag Reviewed Messages and Export Audit Evidence
python
import os

import multimail

client = multimail.Client(api_key=os.environ["MULTIMAIL_API_KEY"])

# Apply compliance review tags to an approved message
client.tag_email(
    email_id="email_01HXXX",
    tags=[
        "compliance-reviewed",
        "gdpr-lawful-basis-confirmed",
        "can-spam-compliant",
        "eu-ai-act-disclosure-present"
    ]
)

# Retrieve all compliance-reviewed messages for a reporting period
reviewed = client.check_inbox(
    mailbox="[email protected]",
    tags=["compliance-reviewed"],
    after="2026-01-01",
    before="2026-03-31"
)

print(f"Total reviewed messages: {reviewed.total}")
print(f"Approved: {reviewed.counts.approved}")
print(f"Rejected: {reviewed.counts.rejected}")
print(f"Audit log export: {reviewed.export_url}")

Apply compliance tags to reviewed messages for queryable audit trails. Retrieve tagged messages by date range for SOC 2 or GDPR Article 30 evidence packages.
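An exported audit log is only useful as evidence if someone checks it against the control it is supposed to prove. The following is an added example, not MultiMail's own code: it runs a consistency check over an audit export of the kind described above, verifying that every delivered message has a disclosure injection event and a prior approve decision with a reviewer identity, that no rejected message was delivered, and that the mailbox was not switched away from gated_send during the period. The page only lists the event types the export contains; the field names used here (event, email_id, decision, reviewer_id, ts, from, to) are an assumed schema, and the sample events are constructed.

```python
"""Consistency check over an exported MultiMail-style audit log.

Added example, not MultiMail's own code. The field names (event, email_id,
decision, reviewer_id, ts, from, to) are an assumption about the export
schema; the events below are constructed.
"""
import json
from datetime import datetime

# Constructed sample export (JSON array) for one gated_send mailbox.
SAMPLE_EXPORT = json.dumps([
    # email_A: the expected sequence for a gated_send mailbox
    {"event": "send_attempt", "email_id": "email_A", "ts": "2026-02-01T09:00:00Z"},
    {"event": "disclosure_injection", "email_id": "email_A", "ts": "2026-02-01T09:00:01Z"},
    {"event": "review_decision", "email_id": "email_A", "decision": "approve",
     "reviewer_id": "user_rev1", "ts": "2026-02-01T10:15:00Z"},
    {"event": "delivered", "email_id": "email_A", "ts": "2026-02-01T10:15:05Z"},
    # email_B: rejected, so no delivered event should follow
    {"event": "send_attempt", "email_id": "email_B", "ts": "2026-02-02T09:00:00Z"},
    {"event": "disclosure_injection", "email_id": "email_B", "ts": "2026-02-02T09:00:01Z"},
    {"event": "review_decision", "email_id": "email_B", "decision": "reject",
     "reviewer_id": "user_rev1", "ts": "2026-02-02T11:00:00Z"},
    # email_C: delivered before any approval, no disclosure, approval without reviewer
    {"event": "send_attempt", "email_id": "email_C", "ts": "2026-02-03T09:00:00Z"},
    {"event": "delivered", "email_id": "email_C", "ts": "2026-02-03T09:00:02Z"},
    {"event": "review_decision", "email_id": "email_C", "decision": "approve",
     "reviewer_id": "", "ts": "2026-02-03T09:30:00Z"},
    # Mailbox-level event: the control was weakened mid-period
    {"event": "oversight_mode_change", "from": "gated_send", "to": "monitored",
     "ts": "2026-02-03T08:55:00Z"},
])


def _ts(value):
    """Parse an ISO 8601 timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_audit_export(export_json):
    """Return {email_id: [problem, ...]} for records that break gated_send expectations.

    Mailbox-level problems (oversight mode changed away from gated_send) are
    reported under the key "_mailbox".
    """
    findings = {}
    per_email = {}
    for ev in json.loads(export_json):
        if ev["event"] == "oversight_mode_change":
            if ev.get("to") != "gated_send":
                findings.setdefault("_mailbox", []).append(
                    f"oversight mode changed {ev.get('from')} -> {ev.get('to')} at {ev['ts']}")
            continue
        per_email.setdefault(ev["email_id"], []).append(ev)

    for email_id, events in per_email.items():
        problems = []
        kinds = {e["event"] for e in events}
        decisions = [e for e in events if e["event"] == "review_decision"]
        approvals = [d for d in decisions if d.get("decision") == "approve"]
        rejections = [d for d in decisions if d.get("decision") == "reject"]
        deliveries = [e for e in events if e["event"] == "delivered"]

        if "disclosure_injection" not in kinds:
            problems.append("no disclosure_injection event")
        for d in deliveries:
            # An approval must exist and must precede the delivery timestamp
            if not any(_ts(a["ts"]) <= _ts(d["ts"]) for a in approvals):
                problems.append("delivered without a prior approve decision")
            if rejections:
                problems.append("delivered despite a reject decision")
        for a in approvals:
            if not a.get("reviewer_id"):
                problems.append("approve decision without reviewer identity")
        if problems:
            findings[email_id] = problems
    return findings


if __name__ == "__main__":
    for key, problems in check_audit_export(SAMPLE_EXPORT).items():
        print(key, "->", "; ".join(problems))
```

Run against the constructed export, the check is silent for email_A and email_B and reports three problems for email_C plus the mid-period oversight mode change. The mode-change finding is the one most worth keeping: a period in which the mailbox ran in a weaker mode is exactly what an auditor will ask about, and it is invisible if you only look at per-message records.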


What you get

Infrastructure-Level Disclosure, Not Application Code

AI disclosure under EU AI Act Article 50 is configured at the mailbox level. Every agent routing through a disclosure-enabled mailbox gets the required disclosure injected automatically — no per-agent code changes, no risk of disclosure being omitted when application code is updated.

Immutable Audit Records for Every Review Decision

Every approve and reject decision on a gated message is stored as an immutable record with reviewer identity, timestamp, and reviewer notes. Records are exportable in structured JSON and CSV for GDPR Article 30 records of processing and SOC 2 Type II evidence packages.

Consistent Policy Across All Agent Deployments

Oversight mode, disclosure settings, and compliance tags are configured at the mailbox level. Compliance officers review the mailbox configuration once rather than auditing every agent codebase. New agents that route through the same mailbox inherit the same controls automatically.

CAN-SPAM and GDPR Mechanics at the Delivery Layer

Unsubscribe header injection, sender identification, and opt-out link enforcement are handled by MultiMail before message delivery. CAN-SPAM and GDPR Article 21 requirements are enforced at the infrastructure layer, not dependent on individual agent behavior.

Formally Verified Oversight Model

MultiMail's oversight, identity, and authorization models are proven correct in Lean 4 and verified in CI on every push. The gated_send mode cannot be bypassed by application code — the guarantee is mathematical, not just tested.


Recommended oversight mode

Recommended: gated_send
Compliance deployments require a human reviewer to confirm that every outbound message meets applicable regulatory requirements before delivery. gated_send allows agents to read and draft autonomously — supporting research, reporting, and inbox monitoring workflows — while requiring reviewer approval for all outbound sends. The audit risk in most compliance programs is in what the agent sends, not in what it reads. If your compliance policy also requires logging all data access (for example, HIPAA minimum necessary access documentation), gated_all provides a review gate on read operations as well.

Common questions

Does MultiMail's AI disclosure satisfy EU AI Act Article 50?
MultiMail's disclosure injection adds a statement identifying content as AI-generated to the message body and sets the X-AI-Generated header on every send. Article 50(1) requires disclosure when AI systems interact with natural persons, unless it is obvious from context. Whether the injected disclosure is sufficient for a specific deployment depends on the use case — a transactional notification from a clearly identified AI agent is treated differently than a message designed to appear human-authored. MultiMail provides the technical disclosure mechanism; your legal team determines whether the disclosure language and placement satisfy Article 50 for your specific context.
How does gated_send differ from gated_all for compliance purposes?
gated_send requires human approval only for outbound sends. Agents can read inbound email, check the inbox, and retrieve threads autonomously. gated_all requires human approval for all agent actions including reads, sends, replies, and tag operations. For most compliance deployments, gated_send is appropriate because audit risk concentrates on what the agent sends. If your compliance policy requires logging and approving all data access — for example, HIPAA minimum necessary access documentation — gated_all provides a review gate on read operations as well.
Can we export audit logs in a format suitable for GDPR Article 30 or SOC 2?
Yes. Audit log exports include timestamped records of every send attempt, review decision, disclosure injection, oversight mode change, and reviewer identity. Exports are available as structured JSON and CSV. The record schema covers GDPR Article 30(1) requirements for records of processing activities, including the purpose of processing, categories of data subjects, and the existence of automated decision-making.
Does MultiMail handle CAN-SPAM unsubscribe mechanics automatically?
MultiMail injects a List-Unsubscribe header on all outbound commercial email from can-spam tagged mailboxes and can inject a compliant opt-out link into message bodies. Unsubscribe requests processed through MultiMail are recorded and suppressed in future sends from the same mailbox. You remain responsible for ensuring your suppression list is honored across all sending systems in your organization — MultiMail enforces suppression at the mailbox level, not globally across unrelated email infrastructure.
What happens when a reviewer rejects a message in gated_send mode?
The message is discarded and not delivered. The rejection decision is logged with the reviewer's identity, timestamp, and reviewer notes. The agent receives a rejected status in the decide_email response and can handle it programmatically — for example, to draft a revised message, escalate to a human, or terminate the workflow. Rejected messages are retained in the audit log for 90 days by default.
Can different agents in the same organization have different oversight levels?
Yes. Oversight mode is set at the mailbox level. You can create a mailbox with gated_send for an agent handling external regulatory communications and a separate mailbox with monitored for an agent handling internal status updates. Each mailbox has its own compliance tags, oversight mode, and disclosure settings. Compliance officers can grant different agents access to different mailboxes based on risk level.
Is there a way to test the review workflow before approving a production deployment?
Yes. Use a test API key (mm_test_...) to send messages in sandbox mode. Test-mode messages go through the full gated_send review flow — they are queued, held for review, and require a decide_email call to complete — but are never delivered to real recipients. This lets compliance officers verify the review interface, audit log output, disclosure injection, and unsubscribe header behavior before approving a production deployment.
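When verifying disclosure injection and unsubscribe header behavior in test mode, it helps to have a repeatable check rather than eyeballing each message in the dashboard. The following is an added example, not MultiMail's own code: it parses a captured message as raw RFC 5322 text and confirms that the sender is identified, the X-AI-Generated header is set, the disclosure statement is present in the body, and (for commercial mail) a List-Unsubscribe header carries a mailto: or https target. The X-AI-Generated and List-Unsubscribe header names come from this page; the disclosure wording it matches is an assumption, since the page does not quote the exact statement MultiMail injects, and both sample messages are constructed.

```python
"""Verify disclosure and opt-out mechanics on a captured test-mode message.

Added example, not MultiMail's own code. Assumes the message under review is
available as raw RFC 5322 text. The disclosure wording is an assumption; the
sample messages are constructed.
"""
from email import message_from_string

# Assumed disclosure wording; adjust to the statement your mailbox injects.
DISCLOSURE_PHRASE = "generated by an ai system"

# Constructed capture of a message that passed through a gated_send mailbox.
SAMPLE_MESSAGE = """\
From: compliance-agent@example.invalid
To: reviewer@example.invalid
Subject: Q2 Regulatory Reporting Summary
X-AI-Generated: true
List-Unsubscribe: <mailto:unsubscribe@example.invalid>, <https://example.invalid/unsub?id=123>
Content-Type: text/plain; charset=utf-8

Key findings for Q2:
- 3 policy exceptions flagged for review

This message was generated by an AI system.
"""

# Same capture with the disclosure header and body statement missing.
STRIPPED_MESSAGE = (
    SAMPLE_MESSAGE.replace("X-AI-Generated: true\n", "")
    .replace("This message was generated by an AI system.\n", "")
)


def _text_body(msg):
    """Collect the text/plain content of a message (single part or multipart)."""
    if not msg.is_multipart():
        return msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            parts.append(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8"))
    return "\n".join(parts)


def check_message(raw, commercial=True):
    """Return a dict mapping check name -> bool for one captured message.

    commercial=False skips the opt-out check for transactional messages.
    """
    msg = message_from_string(raw)
    body = _text_body(msg)
    unsub = msg.get("List-Unsubscribe", "")
    results = {
        "sender_identified": bool(msg.get("From")),
        "x_ai_generated_header": msg.get("X-AI-Generated", "").strip().lower() in ("true", "yes", "1"),
        "disclosure_in_body": DISCLOSURE_PHRASE in body.lower(),
    }
    if commercial:
        # RFC 2369 form: at least one mailto: or https target in angle brackets
        results["list_unsubscribe_header"] = "<mailto:" in unsub or "<https://" in unsub
    return results


def passes(results):
    """True only when every check in the dict succeeded."""
    return all(results.values())


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_MESSAGE), ("stripped", STRIPPED_MESSAGE)):
        results = check_message(raw)
        print(label, "PASS" if passes(results) else "FAIL", results)
```

The stripped variant stands in for the failure case a reviewer should be able to catch before production approval: a message that reached the queue without the disclosure mechanism applied. Running the check over a batch of test-mode captures gives a reproducible record of what the review interface showed, alongside the audit log output.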

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.