Email Infrastructure with Compliance Built In, Not Bolted On

MultiMail embeds EU AI Act disclosure, GDPR consent handling, and human review evidence into every agent email — giving compliance teams a single platform layer to evaluate and approve.


Why this matters

Compliance teams are increasingly asked to sign off on AI agent email deployments without a consistent infrastructure layer to evaluate. Policy questions about disclosure, auditability, and human review land on compliance officers who must assess each deployment individually — often after the fact. The result is ad-hoc controls stitched together at the application layer: disclosure statements added manually by developers, audit trails kept in spreadsheets, review workflows running through Slack. Three regulatory frameworks create concrete obligations for organizations deploying AI agents that generate or send email. EU AI Act Article 50(1) requires disclosure that content is AI-generated when systems interact with natural persons, unless it is obvious from context. GDPR Article 6 requires a documented lawful basis for processing personal data, and Article 21 gives individuals the right to object to direct marketing at any time. CAN-SPAM requires accurate sender identification, a functioning opt-out mechanism, and honor of opt-out requests within 10 business days. Each of these touches the email delivery layer — and none of them can be reliably enforced by application code alone, because application code changes.


How MultiMail solves this

MultiMail moves compliance controls out of application code and into the email delivery infrastructure. Disclosure headers, human review gates, audit logs, and opt-out mechanics are configured at the mailbox level, not the application level. This means compliance officers can evaluate a deployment by reviewing its mailbox configuration rather than auditing every codebase that sends email through it. The gated_send oversight mode is designed for compliance-sensitive deployments: agents can read and draft autonomously, but every outbound message is held for human review before delivery. Reviewers see full message content, the agent's metadata, and the compliance tags associated with the mailbox. Approval and rejection decisions are stored as immutable records with reviewer identity, timestamp, and notes — exportable for GDPR Article 30 records of processing and SOC 2 Type II evidence packages.

1

Map Email Programs to Dedicated Mailboxes

Create a dedicated mailbox for each email program so its oversight mode, disclosure behavior, and audit trail are scoped and reviewable in one place. AI disclosure (EU AI Act Article 50) is enforced at the send gateway for every mailbox, and suppression/unsubscribe handling runs at the infrastructure level — neither requires per-message application code.

2

AI Disclosure Is Enforced on Every Outbound Message

AI disclosure is locked on for every mailbox and enforced at the send gateway — it cannot be disabled (a request to set ai_disclosure to false is rejected with 400). MultiMail injects a human-readable disclosure footer into the message body and sets the X-AI-Generated: true header on every send. This provides the technical disclosure mechanism required under EU AI Act Article 50(1) for AI-generated content directed at natural persons.

3

Configure Human Review Policy for Outbound Email

Set the mailbox oversight_mode to gated_send. Every outbound message the agent queues is held in a review queue accessible via the API and the MultiMail dashboard. Compliance officers or designated reviewers approve or reject each message before delivery. The review decision, reviewer identity, and timestamp are stored as immutable audit records.

4

Audit Sample Messages Across the Review Queue

Use GET /v1/oversight/pending to retrieve held messages and GET /v1/mailboxes/{mailbox_id}/emails/{email_id} to inspect full message content and headers. Tag reviewed messages via PUT /v1/mailboxes/{mailbox_id}/emails/{email_id}/tags to record compliance status. The audit trail (GET /v1/audit-log) is queryable for evidence gathering.

5

Document Controls for Internal and External Auditors

MultiMail audit log exports provide timestamped records of every send attempt, review decision, disclosure injection, and oversight mode change. These records export in structured JSON and CSV formats suitable for GDPR Article 30 records of processing activities and SOC 2 Type II evidence packages.


Try it with your agent

Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.

1. Get MultiMail ready: read https://multimail.dev/llms.txt, connect the MCP server, create a free inbox, and set up a verified sender. 2. In ServiceNow Integrated Risk Management, watch the relevant assessment, risk, control, or policy exception table using Flow Designer on record created or updated, or use the ServiceNow Table API to find records where the AI email deployment is ready for compliance review. 3. For each triggered record, read the deployment owner, business purpose, recipient category, data processed, lawful basis, review requirement, opt-out handling, and requested launch date; draft a compliance review email that summarizes the decision needed, lists missing evidence, and states that outbound agent email must remain under human review until approved. 4. If evidence is incomplete, schedule a follow-up email to the record owner two business days later; if evidence is complete, compose an approval-request email to the named reviewer with the key facts and a clear approve/reject question. 5. Run all outbound mail in MultiMail gated_send oversight mode, and ask me only for the ServiceNow credentials, the target table or saved filter, reviewer names, and brand voice before going live.

What you get

Infrastructure-Level Disclosure, Not Application Code

AI disclosure under EU AI Act Article 50 is enforced at the send gateway and locked on for every mailbox. Every agent routing through MultiMail gets the required disclosure injected automatically — no per-agent code changes, no risk of disclosure being omitted when application code is updated, and no way to switch it off.

Immutable Audit Records for Every Review Decision

Every approve and reject decision on a gated message is stored as an immutable record with reviewer identity, timestamp, and reviewer notes. Records are exportable in structured JSON and CSV for GDPR Article 30 records of processing and SOC 2 Type II evidence packages.

Consistent Policy Across All Agent Deployments

Oversight mode and disclosure enforcement are set at the mailbox level. Compliance officers review the mailbox configuration once rather than auditing every agent codebase. New agents that route through the same mailbox inherit the same controls automatically.

CAN-SPAM and GDPR Mechanics at the Delivery Layer

Unsubscribe header injection, sender identification, and opt-out link enforcement are handled by MultiMail before message delivery. CAN-SPAM and GDPR Article 21 requirements are enforced at the infrastructure layer, not dependent on individual agent behavior.

Formally Verified Oversight Model

MultiMail's oversight, identity, and authorization models are proven correct in Lean 4 and verified in CI on every push. The gated_send mode cannot be bypassed by application code — the guarantee is mathematical, not just tested.


Recommended oversight mode

Recommended
gated_send
Compliance deployments require a human reviewer to confirm that every outbound message meets applicable regulatory requirements before delivery. gated_send allows agents to read and draft autonomously — supporting research, reporting, and inbox monitoring workflows — while requiring reviewer approval for all outbound sends. The audit risk in most compliance programs is in what the agent sends, not in what it reads. If your compliance policy also requires logging all data access (for example, HIPAA minimum necessary access documentation), gated_all provides a review gate on read operations as well.

Common questions

Does MultiMail's AI disclosure satisfy EU AI Act Article 50?
MultiMail's disclosure injection adds a statement identifying content as AI-generated to the message body and sets the X-AI-Generated header on every send. Article 50(1) requires disclosure when AI systems interact with natural persons, unless it is obvious from context. Whether the injected disclosure is sufficient for a specific deployment depends on the use case — a transactional notification from a clearly identified AI agent is treated differently than a message designed to appear human-authored. MultiMail provides the technical disclosure mechanism; your legal team determines whether the disclosure language and placement satisfy Article 50 for your specific context.
How does gated_send differ from gated_all for compliance purposes?
gated_send requires human approval only for outbound sends. Agents can read inbound email, check the inbox, and retrieve threads autonomously. gated_all requires human approval for all agent actions including reads, sends, replies, and tag operations. For most compliance deployments, gated_send is appropriate because audit risk concentrates on what the agent sends. If your compliance policy requires logging and approving all data access — for example, HIPAA minimum necessary access documentation — gated_all provides a review gate on read operations as well.
Can we export audit logs in a format suitable for GDPR Article 30 or SOC 2?
Yes. Audit log exports include timestamped records of every send attempt, review decision, disclosure injection, oversight mode change, and reviewer identity. Exports are available as structured JSON and CSV. The record schema covers GDPR Article 30(1) requirements for records of processing activities, including the purpose of processing, categories of data subjects, and the existence of automated decision-making.
Does MultiMail handle CAN-SPAM unsubscribe mechanics automatically?
MultiMail injects a List-Unsubscribe header on all outbound commercial email from can-spam tagged mailboxes and can inject a compliant opt-out link into message bodies. Unsubscribe requests processed through MultiMail are recorded and suppressed in future sends from the same mailbox. You remain responsible for ensuring your suppression list is honored across all sending systems in your organization — MultiMail enforces suppression at the mailbox level, not globally across unrelated email infrastructure.
What happens when a reviewer rejects a message in gated_send mode?
The message is discarded and not delivered. The rejection decision is logged with the reviewer's identity and timestamp. The POST /v1/oversight/decide call with action 'reject' returns a status of 'rejected', which the agent can handle programmatically — for example, to draft a revised message, escalate to a human, or terminate the workflow. Rejected messages are retained in the audit log for 90 days by default.
Can different agents in the same organization have different oversight levels?
Yes. Oversight mode is set at the mailbox level. You can create a mailbox with gated_send for an agent handling external regulatory communications and a separate mailbox with monitored for an agent handling internal status updates. Each mailbox has its own compliance tags, oversight mode, and disclosure settings. Compliance officers can grant different agents access to different mailboxes based on risk level.
Is there a way to test the review workflow before approving a production deployment?
Yes. Use a test API key (mm_test_...) to send messages in sandbox mode. Test-mode messages go through the full gated_send review flow — they are queued, held for review, and require a POST /v1/oversight/decide call to complete — but are never delivered to real recipients. This lets compliance officers verify the review interface, audit log output, disclosure injection, and unsubscribe header behavior before approving a production deployment.

Explore more use cases

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.