Authenticated, Verifiable Email from AI Agents

MultiMail provisions domains with SPF, DKIM, and DMARC alignment and adds signed identity metadata so every agent-sent email is both deliverable and provable.


Why this matters

Standard email authentication protocols — SPF, DKIM, DMARC, ARC — were designed for servers, not agents. They answer 'did this domain send this message?' but not 'which agent sent it, under whose authorization, and with what oversight level?' Teams building production AI agents hit this gap quickly: deliverability requires proper DNS alignment, but compliance under frameworks like the EU AI Act also requires provenance — knowing exactly which model instance generated an email and whether a human approved it. Bolting identity tracking onto standard authentication after the fact produces fragile, unauditable systems.


How MultiMail solves this

MultiMail handles both layers together. Domain provisioning generates DKIM keypairs, publishes SPF and DMARC records, and configures ARC sealing automatically. On top of that, every outbound message carries a cryptographically signed X-MultiMail-Identity header — an ECDSA P-256 claim that records the operator and mailbox identity, the oversight mode, the agent's capabilities, and the AI-generated flag. Recipients — and your own audit logs — can verify both the domain authentication chain and the agent provenance chain independently. This means standard spam filters see a properly authenticated sender while your compliance tooling sees a fully attributable agent action.

1

Configure your sending domain

Call the domain configuration endpoint with your domain. MultiMail generates a DKIM keypair (RSA-2048 or Ed25519), returns the DNS records you need to publish, and sets the selector. You keep ownership of your domain; MultiMail signs on your behalf using the provisioned key.

2

Publish DNS records and verify alignment

Publish the TXT records for SPF (v=spf1 include:send.multimail.dev ~all), DKIM selector, and DMARC policy. MultiMail polls for propagation and runs an alignment check — SPF envelope-from, DKIM d= tag, and From header domain must all match for DMARC to pass. Misalignment is reported before you send a single message.

3

Sign outbound messages with agent identity

When your agent sends via POST /v1/mailboxes/{mailbox_id}/send (or replies via /reply/{email_id}), MultiMail appends a signed X-MultiMail-Identity header — an ECDSA P-256 signed claim covering the operator and mailbox identity, the oversight mode active at send time, the agent's capabilities, and the AI-generated flag. This identity claim is signed by MultiMail's own signing key (verifiable at /.well-known/multimail-signing-key) and is separate from the DKIM key on your domain — domain authentication and agent provenance are two independent layers.

4

Send authenticated email

Every outbound message leaves MultiMail with DKIM signature, SPF alignment, DMARC policy in effect, ARC sealing for forwarded messages, and the agent identity header. Your audit log records the full authentication state for every send event.


Try it with your agent

Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.

1. Get MultiMail ready: read https://multimail.dev/llms.txt, connect the MCP server, create a free inbox, and set up a verified sender. 2. In Salesforce, use Flow Builder with a record-triggered flow on Lead, Contact, Case, or Opportunity records where an agent-written email is needed, and use an outbound message or HTTP callout action to notify this agent when the record meets the sending criteria. 3. For each triggered record, draft the email from Salesforce fields such as name, company, case status, opportunity stage, owner, and recent activity; include the operator identity, mailbox identity, AI-generated status, agent capability scope, and the intended business purpose in the sending context. 4. Send or schedule through MultiMail in monitored mode so messages can proceed while activity remains visible for audit, escalation, and provenance review. 5. Ask me only for Salesforce credentials, the Salesforce object and trigger conditions, approved brand voice, sender domain, and any required compliance wording before going live.

What you get

Standard deliverability, no manual DNS work

MultiMail generates correct SPF, DKIM, and DMARC record values for your domain and verifies alignment before your agent sends a single message. Misconfigured authentication is the most common cause of AI-sent email landing in spam.

Per-agent provenance on every message

The signed X-MultiMail-Identity header records the operator and mailbox that sent each message, under which oversight mode, with which capabilities, and that it was AI-generated. This is separate from DKIM — domain authentication proves the sender, identity signing proves the agent.

EU AI Act compliance evidence

The EU AI Act requires disclosure and traceability for AI-generated content. MultiMail's identity headers and audit log provide the artifact trail auditors need: operator and mailbox identity, oversight level, and the AI-generated flag on every message.

ARC support for forwarded email

Authenticated Received Chain (ARC) preserves the authentication state when messages are forwarded through mailing lists or other intermediaries. MultiMail seals ARC headers automatically so your agent's email survives forwarding without losing DMARC pass status.

Audit log tied to authentication events

Every domain verification and send event is written to the MultiMail audit log, retrievable via GET /v1/audit-log. You can reconstruct exactly what was sent, when, from which mailbox, and under which oversight mode.


Recommended oversight mode

Recommended
monitored
Authentication configuration is a one-time setup action that benefits from human review, but ongoing authenticated sends are routine and auditable. Monitored mode lets your agent send email autonomously while your team receives notifications for every message. The signed identity header gives you a full audit trail without requiring human approval on each send, which would create bottlenecks in high-volume workflows.

Common questions

Do I need to transfer DNS control of my domain to MultiMail?
No. You keep full DNS control. MultiMail returns the specific TXT record values you need to publish (SPF include, DKIM selector, DMARC policy). You add those records in your registrar or DNS provider. MultiMail then polls to confirm propagation and runs the alignment check.
What is the difference between DKIM signing and MultiMail identity signing?
DKIM answers 'did mail.yourcompany.com authorize this message?' — it authenticates the sending domain. MultiMail identity signing answers 'which agent sent this message, under whose oversight?' — it authenticates the agent within the domain. Both signatures travel in headers on the same message. DKIM is read by receiving mail servers; the identity header is read by your audit tooling and any recipient who wants to verify provenance.
Does MultiMail support DMARC reporting (rua/ruf)?
Yes. When you configure your domain, you can specify a DMARC aggregate report address (rua) and a forensic report address (ruf). MultiMail sets the correct DMARC TXT record values. You receive DMARC reports from receiving mail servers directly — they go to your address, not through MultiMail.
What happens to authentication when emails are forwarded?
MultiMail adds ARC (Authenticated Received Chain) headers on every outbound message. When a message is forwarded through a mailing list or email alias, the ARC seal preserves the original authentication state so receiving servers can still determine the message passed SPF and DKIM at origin, even if the forwarded envelope breaks SPF alignment.
How does the EU AI Act apply to AI-sent email?
The EU AI Act's transparency obligations (Articles 50 and 52) require that recipients be informed when they are interacting with an AI system, and that AI-generated content be traceable. For email, this means disclosure that the message was generated by an AI agent and the ability to identify which system sent it. MultiMail's identity headers and audit log provide the traceability artifact; you are still responsible for including appropriate disclosure text in the message body.
Can I use my own DKIM keypair instead of the one MultiMail generates?
Yes. You can supply an existing Ed25519 or RSA-2048 private key during domain configuration. MultiMail will use your key for DKIM signing rather than generating a new one. This is useful if you have an existing key rotation process or if your security team requires key custody to remain internal.
How do I verify the agent identity header on a message I receive?
The X-MultiMail-Identity header is a base64url payload plus an ECDSA P-256 signature; the payload carries the operator and mailbox identity, oversight mode, capabilities, and the AI-generated flag. Fetch MultiMail's signing public key from the unauthenticated /.well-known/multimail-signing-key endpoint and verify the signature — no API credentials and no per-agent key lookup required. This lets recipients verify agent provenance without needing access to your MultiMail account.

Explore more use cases

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.