Generic email APIs weren't designed for agents. MultiMail provides cryptographically signed agent identity, graduated oversight controls, and compliance built in — not bolted on.
When an AI agent sends email through a generic SMTP relay or transactional API, three things are missing: recipients have no way to verify the message came from an agent rather than a human, your organization has no mechanism to review or gate what the agent sends, and you have no audit trail that satisfies EU AI Act Article 50 disclosure requirements. These aren't edge cases — they're the default failure mode when you wire an LLM to a generic email API.
MultiMail is a purpose-built email API for AI agents. Every sent message carries a cryptographic signature identifying the sending agent. Oversight mode controls whether sends go immediately or wait for human approval. The full audit trail — what the agent tried to send, who approved it, and when — is stored automatically. Access via the REST API at https://api.multimail.dev — call it directly with any HTTP client such as Python's requests — or the 51-tool MCP server that works directly inside Claude Desktop, Cursor, and Windsurf.
POST to /v1/mailboxes to provision a mailbox on your domain or at @multimail.dev. Your API key (mm_live_... for production, mm_test_... for sandbox testing) authenticates every request. Each mailbox signs its outbound mail with an X-MultiMail-Identity claim — a signed payload carrying the operator and mailbox identity — so recipients can verify the message without trusting the From header.
Set oversight_mode on the mailbox. gated_send (the default) lets your agent read autonomously but holds outbound messages in a pending queue until a human approves. gated_all gates reads too. monitored lets the agent act freely while notifying a human. autonomous is available once trust is established. The mode is enforced server-side — the agent cannot override it.
POST to /v1/mailboxes/{mailbox_id}/send to send. GET /v1/mailboxes/{mailbox_id}/emails to check incoming messages. Under gated_send, a send call returns immediately with status pending_scan and an id. The message sits in the approval queue until a human approves it via the dashboard or POST /v1/oversight/decide.
Register a webhook endpoint to receive real-time events: oversight.approved, oversight.rejected, message.delivered, message.received. Your agent subscribes to these events and continues its workflow once a human approves a draft — no polling required. Webhook payloads are signed with HMAC-SHA256 for verification.
Every send attempt, approval decision, and delivery event is written to an immutable audit trail. CAN-SPAM required headers are validated before delivery — missing unsubscribe links or physical addresses are rejected outright. EU AI Act Article 50 disclosure — the X-AI-Generated header plus a human-readable footer — is added automatically to every outbound message. It is gateway-enforced and cannot be disabled.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
Every email sent through MultiMail carries an X-MultiMail-Identity claim — an ECDSA P-256 signed payload covering the oversight mode, capabilities, the AI-generated flag, and the operator plus mailbox identity. Recipients verify it at https://multimail.dev/verify without trusting the From header. Combined with the gateway-enforced X-AI-Generated header, this satisfies EU AI Act Article 50 disclosure without any additional instrumentation.
Start with gated_send — your agent reads freely but all outbound messages hold for human review. Promote to monitored once you've validated the agent's judgment on your specific use case, then to autonomous when full trust is established. The mode is enforced server-side and cannot be bypassed by the agent.
Required CAN-SPAM headers — unsubscribe mechanism, physical address, honest From — are validated before delivery. Missing fields are rejected, not silently dropped. EU AI Act disclosure — the X-AI-Generated header and a human-readable footer — is appended automatically to every agent-originated message. It is gateway-enforced and locked on per mailbox.
Beyond REST, MultiMail ships an MCP server with 51 tools covering the full email lifecycle: send_email, reply_email, check_inbox, read_email, get_thread, set_tags, decide_email, add_contact, and more. Install once via npx @multimail/mcp-server and any MCP-compatible client gets full email access.
Every send attempt, approval decision, rejection, and delivery event is logged to an append-only audit trail. You can reconstruct exactly what an agent tried to send, who reviewed it, what they decided, and when — which matters when an enterprise customer or regulator asks.
mm_test_... keys validate the full request contract — auth, required fields, compliance checks — but discard the message before delivery. Switch to mm_live_... for real delivery. Both key types hit the same base URL. No separate test environment configuration, no mock servers, no delivery side effects during development.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.